frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Xnamespace: whitelist access to some server resources 

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
This commit is contained in:
Enrico Weigelt, metux IT consult 2025-03-19 10:50:56 +01:00
parent 8df9373199
commit 21e890e5fc
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Xext/namespace/hook-resource.c
View File

@ -6,6 +6,7 @@
#include "dix/dix_priv.h" #include "dix/dix_priv.h"
#include "dix/extension_priv.h" #include "dix/extension_priv.h"
#include "dix/registry_priv.h"
#include "dix/window_priv.h" #include "dix/window_priv.h"
#include "Xext/xacestr.h" #include "Xext/xacestr.h"
@ -103,6 +104,23 @@ void hookResourceAccess(CallbackListPtr *pcbl, void *unused, void *calldata)
} }
} }
/* server resources */
if (obj->isServer) {
if (param->rtype == X11_RESTYPE_COLORMAP) {
if (checkAllowed(param->access_mode, DixReadAccess | DixGetPropAccess | DixUseAccess | DixGetAttrAccess | DixAddAccess))
goto pass;
}
if (param->rtype == X11_RESTYPE_WINDOW) {
/* allowed ones should already been catched above */
XNS_HOOK_LOG("REJECT server owned window 0x%0x!\n", ((WindowPtr)param->res)->drawable.id);
goto reject;
}
if (checkAllowed(param->access_mode, DixReadAccess))
goto pass;
}
reject: ; reject: ;
char accModeStr[128]; char accModeStr[128];
LookupDixAccessName(param->access_mode, (char*)&accModeStr, sizeof(accModeStr)); LookupDixAccessName(param->access_mode, (char*)&accModeStr, sizeof(accModeStr));