diff options
author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2009-04-16 22:48:11 -0400 |
---|---|---|
committer | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2009-04-16 23:46:01 -0400 |
commit | 4559d2ace6ac55fe361f572ded0769cdd1f3b545 (patch) | |
tree | 5b294c85db271ed574d6f1da5173bcccd9a60f11 /Xext | |
parent | 3481b32ab971c41cb972f6819ae049f3e9f7033b (diff) |
security: Grant untrusted windows remove access on all windows.
This allows untrusted clients to destroy their own windows when they
have been reparented by a trusted window manager.
Diffstat (limited to 'Xext')
-rw-r--r-- | Xext/security.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Xext/security.c b/Xext/security.c index f1e0bb16f..7962fdb37 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -74,6 +74,7 @@ static char *SecurityTrustedExtensions[] = { static const Mask SecurityResourceMask = DixGetAttrAccess | DixReceiveAccess | DixListPropAccess | DixGetPropAccess | DixListAccess; +static const Mask SecurityWindowExtraMask = DixRemoveAccess; static const Mask SecurityRootWindowExtraMask = DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess; static const Mask SecurityDeviceMask = @@ -817,6 +818,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) ((WindowPtr)rec->res)->forcedBG = TRUE; + /* additional permissions for specific resource types */ + if (rec->rtype == RT_WINDOW) + allowed |= SecurityWindowExtraMask; + /* special checks for server-owned resources */ if (cid == 0) { if (rec->rtype & RC_DRAWABLE) |