summaryrefslogtreecommitdiff
path: root/Xext
diff options
context:
space:
mode:
authorEamon Walsh <ewalsh@tycho.nsa.gov>2009-04-16 22:48:11 -0400
committerEamon Walsh <ewalsh@tycho.nsa.gov>2009-04-16 23:46:01 -0400
commit4559d2ace6ac55fe361f572ded0769cdd1f3b545 (patch)
tree5b294c85db271ed574d6f1da5173bcccd9a60f11 /Xext
parent3481b32ab971c41cb972f6819ae049f3e9f7033b (diff)
security: Grant untrusted windows remove access on all windows.
This allows untrusted clients to destroy their own windows when they have been reparented by a trusted window manager.
Diffstat (limited to 'Xext')
-rw-r--r--Xext/security.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/Xext/security.c b/Xext/security.c
index f1e0bb16f..7962fdb37 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -74,6 +74,7 @@ static char *SecurityTrustedExtensions[] = {
static const Mask SecurityResourceMask =
DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
DixGetPropAccess | DixListAccess;
+static const Mask SecurityWindowExtraMask = DixRemoveAccess;
static const Mask SecurityRootWindowExtraMask =
DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
static const Mask SecurityDeviceMask =
@@ -817,6 +818,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
((WindowPtr)rec->res)->forcedBG = TRUE;
+ /* additional permissions for specific resource types */
+ if (rec->rtype == RT_WINDOW)
+ allowed |= SecurityWindowExtraMask;
+
/* special checks for server-owned resources */
if (cid == 0) {
if (rec->rtype & RC_DRAWABLE)