summaryrefslogtreecommitdiff
path: root/Xext
diff options
context:
space:
mode:
authorEamon Walsh <ewalsh@tycho.nsa.gov>2009-04-16 22:33:12 -0400
committerEamon Walsh <ewalsh@tycho.nsa.gov>2009-04-16 23:46:00 -0400
commit6045506be0cebca4ebbe943ae77f020aafa703d4 (patch)
treedf042257dc3ea3c32b416d711a8bf62b55975648 /Xext
parent56a5955c8cd87137248edb2cbc65d384376d72ad (diff)
security: Revert behavior of extension access for compatibility.
Previously, three extensions were defined as "trusted" by the extension: BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted to be used by untrusted clients. In commit 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763 this was changed for some reason. Return to the old, compatible behavior.
Diffstat (limited to 'Xext')
-rw-r--r--Xext/security.c30
1 files changed, 16 insertions, 14 deletions
diff --git a/Xext/security.c b/Xext/security.c
index c9077c87e..0cbb7e37e 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -61,10 +61,10 @@ typedef struct {
} SecurityStateRec;
/* Extensions that untrusted clients shouldn't have access to */
-static char *SecurityUntrustedExtensions[] = {
- "RandR",
- "SECURITY",
- "XFree86-DGA",
+static char *SecurityTrustedExtensions[] = {
+ "XC-MISC",
+ "BIG-REQUESTS",
+ "XpExtension",
NULL
};
@@ -852,16 +852,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
- if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
- while (SecurityUntrustedExtensions[i])
- if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) {
- SecurityAudit("Security: denied client %d access to extension "
- "%s on request %s\n",
- rec->client->index, rec->ext->name,
- SecurityLookupRequestName(rec->client));
- rec->status = BadAccess;
- return;
- }
+ if (subj->haveState && subj->trustLevel == XSecurityClientTrusted)
+ return;
+
+ while (SecurityTrustedExtensions[i])
+ if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name))
+ return;
+
+ SecurityAudit("Security: denied client %d access to extension "
+ "%s on request %s\n",
+ rec->client->index, rec->ext->name,
+ SecurityLookupRequestName(rec->client));
+ rec->status = BadAccess;
}
static void