security: Grant untrusted windows remove access on all windows.
This allows untrusted clients to destroy their own windows when they
have been reparented by a trusted window manager.
(cherry picked from commit 4559d2ace6
)
This commit is contained in:
parent
a26ae2c63d
commit
e1edd9e668
|
@ -76,6 +76,7 @@ static char *SecurityTrustedExtensions[] = {
|
|||
static const Mask SecurityResourceMask =
|
||||
DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
|
||||
DixGetPropAccess | DixListAccess;
|
||||
static const Mask SecurityWindowExtraMask = DixRemoveAccess;
|
||||
static const Mask SecurityRootWindowExtraMask =
|
||||
DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
|
||||
static const Mask SecurityDeviceMask =
|
||||
|
@ -819,6 +820,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
|
||||
((WindowPtr)rec->res)->forcedBG = TRUE;
|
||||
|
||||
/* additional permissions for specific resource types */
|
||||
if (rec->rtype == RT_WINDOW)
|
||||
allowed |= SecurityWindowExtraMask;
|
||||
|
||||
/* special checks for server-owned resources */
|
||||
if (cid == 0) {
|
||||
if (rec->rtype & RC_DRAWABLE)
|
||||
|
|
Loading…
Reference in New Issue
Block a user