security: Revert behavior of extension access for compatibility.
Previously, three extensions were defined as "trusted" by the extension:
BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted
to be used by untrusted clients.
In commit 8b5d21cc1d
this was changed for
some reason. Return to the old, compatible behavior.
This commit is contained in:
parent
56a5955c8c
commit
6045506be0
|
@ -61,10 +61,10 @@ typedef struct {
|
|||
} SecurityStateRec;
|
||||
|
||||
/* Extensions that untrusted clients shouldn't have access to */
|
||||
static char *SecurityUntrustedExtensions[] = {
|
||||
"RandR",
|
||||
"SECURITY",
|
||||
"XFree86-DGA",
|
||||
static char *SecurityTrustedExtensions[] = {
|
||||
"XC-MISC",
|
||||
"BIG-REQUESTS",
|
||||
"XpExtension",
|
||||
NULL
|
||||
};
|
||||
|
||||
|
@ -852,16 +852,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
|
||||
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
||||
|
||||
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
|
||||
while (SecurityUntrustedExtensions[i])
|
||||
if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) {
|
||||
SecurityAudit("Security: denied client %d access to extension "
|
||||
"%s on request %s\n",
|
||||
rec->client->index, rec->ext->name,
|
||||
SecurityLookupRequestName(rec->client));
|
||||
rec->status = BadAccess;
|
||||
return;
|
||||
}
|
||||
if (subj->haveState && subj->trustLevel == XSecurityClientTrusted)
|
||||
return;
|
||||
|
||||
while (SecurityTrustedExtensions[i])
|
||||
if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name))
|
||||
return;
|
||||
|
||||
SecurityAudit("Security: denied client %d access to extension "
|
||||
"%s on request %s\n",
|
||||
rec->client->index, rec->ext->name,
|
||||
SecurityLookupRequestName(rec->client));
|
||||
rec->status = BadAccess;
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
Loading…
Reference in New Issue
Block a user