From 2cc869626a5728d8bd80241322546f98df96094d Mon Sep 17 00:00:00 2001 From: Olivier Fourdan Date: Wed, 8 Nov 2023 13:53:48 +0100 Subject: [PATCH] xwayland: Restrict allow commit to the window manager Xwayland offers a way for the window and compositing manager to hold the surface commits through an X11 property _XWAYLAND_ALLOW_COMMITS. Xwayland, however, does not actually check if the X11 client changing the value of that property is indeed the X11 window manager, so any X11 client can potentially interfere with the Wayland surface mechanism. Restrict access to the _XWAYLAND_ALLOW_COMMITS property to read-only, except for the X11 window manager and the Xserver itself. Signed-off-by: Olivier Fourdan Reviewed-by: Daniel Stone Reviewed-by: Pekka Paalanen --- hw/xwayland/xwayland-screen.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/hw/xwayland/xwayland-screen.c b/hw/xwayland/xwayland-screen.c index 55d53c507..212bf26a0 100644 --- a/hw/xwayland/xwayland-screen.c +++ b/hw/xwayland/xwayland-screen.c @@ -167,12 +167,33 @@ xwl_property_callback(CallbackListPtr *pcbl, void *closure, xwl_window_update_property(xwl_window, rec); } +#define readOnlyPropertyAccessMask (DixReadAccess |\ + DixGetAttrAccess |\ + DixListPropAccess |\ + DixGetPropAccess) + static void xwl_access_property_callback(CallbackListPtr *pcbl, void *closure, void *calldata) { + XacePropertyAccessRec *rec = calldata; + PropertyPtr prop = *rec->ppProp; + ClientPtr client = rec->client; + Mask access_mode = rec->access_mode; + ScreenPtr pScreen = closure; + struct xwl_screen *xwl_screen = xwl_screen_get(pScreen); + + if (prop->propertyName == xwl_screen->allow_commits_prop) { + /* Only the WM and the Xserver itself */ + if (client != serverClient && + client->index != xwl_screen->wm_client_id && + (access_mode & ~readOnlyPropertyAccessMask) != 0) + rec->status = BadAccess; + } } +#undef readOnlyPropertyAccessMask + static void xwl_root_window_finalized_callback(CallbackListPtr *pcbl, void *closure,