author | Ray Strode <rstrode@redhat.com> | 2015-05-05 16:43:43 -0400 |
---|---|---|
committer | Keith Packard <keithp@keithp.com> | 2015-05-26 11:22:21 -0700 |
commit | 4b4b9086d02b80549981d205fb1f495edc373538 (patch) | |
tree | 504379480690d86c5f5084100f4427cd9f14633a /include | |
parent | c4534a38b68aa07fb82318040dc8154fb48a9588 (diff) |
os: support new implicit local user access mode [CVE-2015-3164 2/3]

If the X server is started without a '-auth' argument, then
it gets started wide open to all local users on the system.

This isn't a great default access model, but changing it in
Xorg at this point would break backward compatibility.

Xwayland, on the other hand, is new, and much more targeted
in scope. It could, in theory, be changed to allow the much
more secure default of a "user who started X server can connect
clients to that server."

This commit paves the way for that change, by adding a mechanism
for DDXs to opt-in to that behavior. They merely need to call
LocalAccessScopeUser()
in their init functions.

A subsequent commit will add that call for Xwayland.

Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/os.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/os.h b/include/os.h index 6638c8443..b2b96c863 100644 --- a/include/os.h +++ b/include/os.h @@ -431,11 +431,28 @@ extern _X_EXPORT void ResetHosts(const char *display); extern _X_EXPORT void +EnableLocalAccess(void); + +extern _X_EXPORT void +DisableLocalAccess(void); + +extern _X_EXPORT void EnableLocalHost(void); extern _X_EXPORT void DisableLocalHost(void); +#ifndef NO_LOCAL_CLIENT_CRED +extern _X_EXPORT void +EnableLocalUser(void); + +extern _X_EXPORT void +DisableLocalUser(void); + +extern _X_EXPORT void +LocalAccessScopeUser(void); +#endif + extern _X_EXPORT void AccessUsingXdmcp(void); |
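Review bot: LocalAccessScopeUser() is declared only inside the new `#ifndef NO_LOCAL_CLIENT_CRED` block, so a DDX that follows the commit message and simply calls it from its init function will fail to build wherever NO_LOCAL_CLIENT_CRED is defined, and the header gives no hint of which access scope applies in that configuration. Since this is the security opt-in, consider declaring it unconditionally and letting the implementation choose an explicit fallback, or add a comment above the block stating that callers must guard the call and what the default scope is when they cannot make it. Separately, the six new prototypes carry no comments: EnableLocalAccess()/DisableLocalAccess() now sit beside EnableLocalHost()/DisableLocalHost() and EnableLocalUser()/DisableLocalUser(), and nothing in os.h says how the "access", "host" and "user" variants relate or which of them a DDX is expected to call directly. A one-line comment per pair would make the intended entry points clear to DDX authors.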