From 7afdba1952825c0fef44ad53b2c5f651d582db19 Mon Sep 17 00:00:00 2001 From: "Enrico Weigelt, metux IT consult" Date: Fri, 21 Mar 2025 19:20:45 +0100 Subject: [PATCH] Xnamespace: whitelist access to namespace virtual root window Signed-off-by: Enrico Weigelt, metux IT consult --- Xext/namespace/hook-resource.c | 13 +++++++++++++ Xext/namespace/hook-windowproperty.c | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/Xext/namespace/hook-resource.c b/Xext/namespace/hook-resource.c index 8a8cb4f37..9f229e8b3 100644 --- a/Xext/namespace/hook-resource.c +++ b/Xext/namespace/hook-resource.c @@ -41,6 +41,19 @@ void hookResourceAccess(CallbackListPtr *pcbl, void *unused, void *calldata) if (param->rtype == X11_RESTYPE_WINDOW) { WindowPtr pWindow = (WindowPtr) param->res; + /* white-listed operations on namespace's virtual root window */ + if (pWindow == subj->ns->rootWindow) { + switch (client->majorOp) { + case X_DeleteProperty: + case X_ChangeProperty: + case X_GetProperty: + case X_RotateProperties: + case X_QueryTree: + goto pass; + } + XNS_HOOK_LOG("unhandled access to NS' virtual root window 0x%0x\n", pWindow->drawable.id); + } + /* white-listed operations on actual root window */ if (pWindow && (pWindow == pWindow->drawable.pScreen->root)) { switch (client->majorOp) { diff --git a/Xext/namespace/hook-windowproperty.c b/Xext/namespace/hook-windowproperty.c index cc041410b..f427c634f 100644 --- a/Xext/namespace/hook-windowproperty.c +++ b/Xext/namespace/hook-windowproperty.c @@ -40,8 +40,13 @@ void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata) if (XnsClientSameNS(subj, obj)) return; + // allow access to namespace virtual root + if (param->window == subj->ns->rootWindow->drawable.id) + return; + // redirect root window access to namespace's virtual root if (dixWindowIsRoot(param->window)) { param->window = subj->ns->rootWindow->drawable.id; + return; } }