diff options
author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2009-04-16 22:33:12 -0400 |
---|---|---|
committer | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2009-04-16 23:46:00 -0400 |
commit | 6045506be0cebca4ebbe943ae77f020aafa703d4 (patch) | |
tree | df042257dc3ea3c32b416d711a8bf62b55975648 /Xext | |
parent | 56a5955c8cd87137248edb2cbc65d384376d72ad (diff) |
security: Revert behavior of extension access for compatibility.
Previously, three extensions were defined as "trusted" by the extension:
BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted
to be used by untrusted clients.
In commit 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763 this was changed for
some reason. Return to the old, compatible behavior.
Diffstat (limited to 'Xext')
-rw-r--r-- | Xext/security.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/Xext/security.c b/Xext/security.c index c9077c87e..0cbb7e37e 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -61,10 +61,10 @@ typedef struct { } SecurityStateRec; /* Extensions that untrusted clients shouldn't have access to */ -static char *SecurityUntrustedExtensions[] = { - "RandR", - "SECURITY", - "XFree86-DGA", +static char *SecurityTrustedExtensions[] = { + "XC-MISC", + "BIG-REQUESTS", + "XpExtension", NULL }; @@ -852,16 +852,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); - if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) - while (SecurityUntrustedExtensions[i]) - if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) { - SecurityAudit("Security: denied client %d access to extension " - "%s on request %s\n", - rec->client->index, rec->ext->name, - SecurityLookupRequestName(rec->client)); - rec->status = BadAccess; - return; - } + if (subj->haveState && subj->trustLevel == XSecurityClientTrusted) + return; + + while (SecurityTrustedExtensions[i]) + if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name)) + return; + + SecurityAudit("Security: denied client %d access to extension " + "%s on request %s\n", + rec->client->index, rec->ext->name, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; } static void |