From 6045506be0cebca4ebbe943ae77f020aafa703d4 Mon Sep 17 00:00:00 2001 From: Eamon Walsh Date: Thu, 16 Apr 2009 22:33:12 -0400 Subject: [PATCH] security: Revert behavior of extension access for compatibility. Previously, three extensions were defined as "trusted" by the extension: BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted to be used by untrusted clients. In commit 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763 this was changed for some reason. Return to the old, compatible behavior. --- Xext/security.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/Xext/security.c b/Xext/security.c index c9077c87e..0cbb7e37e 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -61,10 +61,10 @@ typedef struct { } SecurityStateRec; /* Extensions that untrusted clients shouldn't have access to */ -static char *SecurityUntrustedExtensions[] = { - "RandR", - "SECURITY", - "XFree86-DGA", +static char *SecurityTrustedExtensions[] = { + "XC-MISC", + "BIG-REQUESTS", + "XpExtension", NULL }; @@ -852,16 +852,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); - if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) - while (SecurityUntrustedExtensions[i]) - if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) { - SecurityAudit("Security: denied client %d access to extension " - "%s on request %s\n", - rec->client->index, rec->ext->name, - SecurityLookupRequestName(rec->client)); - rec->status = BadAccess; - return; - } + if (subj->haveState && subj->trustLevel == XSecurityClientTrusted) + return; + + while (SecurityTrustedExtensions[i]) + if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name)) + return; + + SecurityAudit("Security: denied client %d access to extension " + "%s on request %s\n", + rec->client->index, rec->ext->name, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; } static void