frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Xnamespace: whitelist some XI operations 

Whitelisting some XI operations in various hooks.

Note that some additional filtering needs to be done in send or
receive hook in order to prevent clients to receive possibly sensible
input data from the root window.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
This commit is contained in:
Enrico Weigelt, metux IT consult 2025-03-25 13:25:58 +01:00
parent 0a90e70a01
commit 8df9373199
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Xext/namespace/hook-device.c
View File

@ -2,6 +2,8 @@
#include <dix-config.h> #include <dix-config.h>
#include <X11/extensions/XIproto.h>
#include <X11/extensions/XI2proto.h>
#include <X11/extensions/XKB.h> #include <X11/extensions/XKB.h>
#include "dix/dix_priv.h" #include "dix/dix_priv.h"
@ -41,6 +43,15 @@ void hookDevice(CallbackListPtr *pcbl, void *unused, void *calldata)
XNS_HOOK_LOG("BLOCKED unhandled XKEYBOARD %s\n", LookupRequestName(client->majorOp, client->minorOp)); XNS_HOOK_LOG("BLOCKED unhandled XKEYBOARD %s\n", LookupRequestName(client->majorOp, client->minorOp));
goto block; goto block;
} }
case EXTENSION_MAJOR_XINPUT:
switch (client->minorOp) {
case X_ListInputDevices:
case X_XIQueryDevice:
goto pass;
default:
XNS_HOOK_LOG("BLOCKED unhandled Xinput request\n");
goto block;
}
} }
block: block:

5
Xext/namespace/hook-ext-dispatch.c
View File

@ -6,6 +6,7 @@
#include <X11/Xdefs.h> // syncproto.h is broken #include <X11/Xdefs.h> // syncproto.h is broken
#include <X11/Xmd.h> #include <X11/Xmd.h>
#include <X11/extensions/syncproto.h> #include <X11/extensions/syncproto.h>
#include <X11/extensions/XIproto.h>
#include <X11/extensions/XKB.h> #include <X11/extensions/XKB.h>
#include <X11/extensions/xfixeswire.h> #include <X11/extensions/xfixeswire.h>
@ -61,6 +62,10 @@ void hookExtDispatch(CallbackListPtr *pcbl, void *unused, void *calldata)
case EXTENSION_MAJOR_XINPUT: case EXTENSION_MAJOR_XINPUT:
if (subj->ns->allowXInput) if (subj->ns->allowXInput)
goto pass; goto pass;
switch (client->minorOp) {
case X_ListInputDevices:
goto pass;
}
break; break;
case EXTENSION_MAJOR_XFIXES: case EXTENSION_MAJOR_XFIXES:

12
Xext/namespace/hook-resource.c
View File

@ -2,7 +2,10 @@
#include <dix-config.h> #include <dix-config.h>
#include <X11/extensions/XI2proto.h>
#include "dix/dix_priv.h" #include "dix/dix_priv.h"
#include "dix/extension_priv.h"
#include "dix/window_priv.h" #include "dix/window_priv.h"
#include "Xext/xacestr.h" #include "Xext/xacestr.h"
@ -87,6 +90,15 @@ void hookResourceAccess(CallbackListPtr *pcbl, void *unused, void *calldata)
case X_SendEvent: case X_SendEvent:
/* send hook needs to take care of this */ /* send hook needs to take care of this */
goto pass; goto pass;
case EXTENSION_MAJOR_XINPUT:
switch(client->minorOp) {
// needed by xeyes. we should filter the mask
case X_XISelectEvents:
goto pass;
}
XNS_HOOK_LOG("unhandled XI operation on (real) root window\n");
goto reject;
} }
} }
} }