security: Grant untrusted windows remove access on all windows.server-1.5-branch

This allows untrusted clients to destroy their own windows when they have been reparented by a trusted window manager. (cherry picked from commit 4559d2ace6ac55fe361f572ded0769cdd1f3b545)
author: Eamon Walsh <ewalsh@tycho.nsa.gov> 2009-04-16 22:48:11 -0400
committer: Eamon Walsh <ewalsh@tycho.nsa.gov> 2009-04-16 23:50:13 -0400
commit: e1edd9e6689ea614167294a4f0eaa93c06f570fb (patch)
tree: 76e037e7687da12fb41bc89707977dbcd4b6f462
parent: a26ae2c63d73b6f8cfb9757c4db451bc68e6a947 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/Xext/security.c b/Xext/security.c
index d185ee35e..e65fc8ddf 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -76,6 +76,7 @@ static char *SecurityTrustedExtensions[] = {
 static const Mask SecurityResourceMask =
     DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
     DixGetPropAccess | DixListAccess;
+static const Mask SecurityWindowExtraMask = DixRemoveAccess;
 static const Mask SecurityRootWindowExtraMask =
     DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
 static const Mask SecurityDeviceMask =
@@ -819,6 +820,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 	if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
 	    ((WindowPtr)rec->res)->forcedBG = TRUE;
 
+    /* additional permissions for specific resource types */
+    if (rec->rtype == RT_WINDOW)
+	allowed |= SecurityWindowExtraMask;
+
     /* special checks for server-owned resources */
     if (cid == 0) {
 	if (rec->rtype & RC_DRAWABLE)
author	Eamon Walsh <ewalsh@tycho.nsa.gov>	2009-04-16 22:48:11 -0400
committer	Eamon Walsh <ewalsh@tycho.nsa.gov>	2009-04-16 23:50:13 -0400
commit	e1edd9e6689ea614167294a4f0eaa93c06f570fb (patch)
tree	76e037e7687da12fb41bc89707977dbcd4b6f462
parent	a26ae2c63d73b6f8cfb9757c4db451bc68e6a947 (diff)