Add a command line argument for disabling indirect GLX.

The attack surface for indirect GLX is huge, and it's of no use to most people (if you get an indirect GL context, you're better served by a immediate X error than actually trying to use an indirect GL context and finding out that it doesn't support doing anything you want, slowly). This flag gives you a chance to disable indirect GLX in environments where you just don't need it. I put in both the '+' and '-' arguments right now, so that it's easy to patch the value to change the default policy. Signed-off-by: Eric Anholt <eric@anholt.net> Acked-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Keith Packard <keithp@keithp.com> Signed-off-by: Keith Packard <keithp@keithp.com>
2014-04-23 09:52:17 -07:00 · 2014-04-23 09:52:17 -07:00 · 99f0365b1f
commit 99f0365b1f
parent a4d96afdbd
3 changed files with 20 additions and 0 deletions
--- a/glx/glxcmds.c
+++ b/glx/glxcmds.c
@ -275,6 +275,17 @@ DoCreateContext(__GLXclientState * cl, GLXContextID gcId,
     ** Allocate memory for the new context
     */
    if (!isDirect) {
+        /* Only allow creating indirect GLX contexts if allowed by
+         * server command line.  Indirect GLX is of limited use (since
+         * it's only GL 1.4), it's slower than direct contexts, and
+         * it's a massive attack surface for buffer overflow type
+         * errors.
+         */
+        if (!enableIndirectGLX) {
+            client->errorValue = isDirect;
+            return BadValue;
+        }
+
        /* Without any attributes, the only error that the driver should be
         * able to generate is BadAlloc.  As result, just drop the error
         * returned from the driver on the floor.
--- a/include/opaque.h
+++ b/include/opaque.h
@ -56,6 +56,7 @@ extern _X_EXPORT Bool explicit_display;
 extern _X_EXPORT int defaultBackingStore;
 extern _X_EXPORT Bool disableBackingStore;
 extern _X_EXPORT Bool enableBackingStore;
+extern _X_EXPORT Bool enableIndirectGLX;
 extern _X_EXPORT Bool PartialNetwork;
 extern _X_EXPORT Bool RunFromSigStopParent;

--- a/os/utils.c
+++ b/os/utils.c
@ -194,6 +194,8 @@ Bool noGEExtension = FALSE;

 Bool CoreDump;

+Bool enableIndirectGLX = TRUE;
+
 #ifdef PANORAMIX
 Bool PanoramiXExtensionDisabledHack = FALSE;
 #endif
@ -538,6 +540,8 @@ UseMsg(void)
    ErrorF("-fn string             default font name\n");
    ErrorF("-fp string             default font path\n");
    ErrorF("-help                  prints message with these options\n");
+    ErrorF("+iglx                  Allow creating indirect GLX contexts (default)\n");
+    ErrorF("-iglx                  Prohibit creating indirect GLX contexts\n");
    ErrorF("-I                     ignore all remaining arguments\n");
 #ifdef RLIMIT_DATA
    ErrorF("-ld int                limit data space to N Kb\n");
@ -784,6 +788,10 @@ ProcessCommandLine(int argc, char *argv[])
            UseMsg();
            exit(0);
        }
+        else if (strcmp(argv[i], "+iglx") == 0)
+            enableIndirectGLX = TRUE;
+        else if (strcmp(argv[i], "-iglx") == 0)
+            enableIndirectGLX = FALSE;
        else if ((skip = XkbProcessArguments(argc, argv, i)) != 0) {
            if (skip > 0)
                i += skip - 1;