Remove SecurityPolicy file and associated references in the manpages.

2007-11-08 16:41:47 -05:00 · 2007-11-08 16:41:47 -05:00 · 9d03cad144
parent 8b5d21cc1d
commit 9d03cad144
6 changed files with 1 additions and 367 deletions
--- a/.gitignore
+++ b/.gitignore
@ -92,8 +92,6 @@ cfb32/cfbzerarcG.c
 cfb32/cfbzerarcX.c
 doc/Xserver.1x
 doc/Xserver.man
 doc/SecurityPolicy.5
 doc/SecurityPolicy.man
 hw/dmx/Xdmx
 hw/dmx/Xdmx.1x
 hw/dmx/config/dmxtodmx
--- a/Xext/Makefile.am
+++ b/Xext/Makefile.am
@ -33,9 +33,6 @@ MODULE_SRCS =			\
 	sync.c			\
 	xcmisc.c
 # Extra configuration files ship with some extensions
 SERVERCONFIG_DATA =
 # Optional sources included if extension enabled by configure.ac rules
 # MIT Shared Memory extension
@ -86,9 +83,6 @@ endif
 XCSECURITY_SRCS = security.c securitysrv.h
 if XCSECURITY   
 BUILTIN_SRCS += $(XCSECURITY_SRCS)
 SERVERCONFIG_DATA += SecurityPolicy
 AM_CFLAGS += -DDEFAULTPOLICYFILE=\"$(SERVERCONFIGdir)/SecurityPolicy\"
 endif
 XCALIBRATE_SRCS = xcalibrate.c
@ -166,7 +160,6 @@ libXextmodule_la_SOURCES =	$(MODULE_SRCS)
 endif
 EXTRA_DIST = \
 	$(SERVERCONFIG_DATA) \
 	$(MITSHM_SRCS) \
 	$(XV_SRCS) \
 	$(RES_SRCS) \
--- a/Xext/SecurityPolicy
+++ b/Xext/SecurityPolicy
@ -1,86 +0,0 @@
 version-1 
 # $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $
 # Property access rules:
 # property <property> <window> <permissions>
 # <window> ::= any | root | <propertyselector>
 # <propertyselector> ::= <property> | <property>=<value>
 # <permissions> :== [ <operation> | <action> | <space> ]*
 # <operation> :== r | w | d
 #	r	read
 #	w	write
 #	d	delete
 # <action> :== a | i | e
 #	a	allow
 #	i	ignore
 #	e	error
 # Allow reading of application resources, but not writing.
 property RESOURCE_MANAGER	root	ar iw
 property SCREEN_RESOURCES	root	ar iw
 # Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
 # and allowing access may give away too much information.
 property CUT_BUFFER0	root	irw
 property CUT_BUFFER1	root	irw
 property CUT_BUFFER2	root	irw
 property CUT_BUFFER3	root	irw
 property CUT_BUFFER4	root	irw
 property CUT_BUFFER5	root	irw
 property CUT_BUFFER6	root	irw
 property CUT_BUFFER7	root	irw
 # If you are using Motif, you probably want these.
 property _MOTIF_DEFAULT_BINDINGS	root	ar iw
 property _MOTIF_DRAG_WINDOW	root	ar iw
 property _MOTIF_DRAG_TARGETS	any 	ar iw
 property _MOTIF_DRAG_ATOMS	any 	ar iw
 property _MOTIF_DRAG_ATOM_PAIRS	any 	ar iw
 # If you are running CDE you also need these
 property _MOTIF_WM_INFO		root	arw
 property TT_SESSION		root	irw
 property WM_ICON_SIZE		root	irw
 property "SDT Pixel Set"	any	irw
 # The next two rules let xwininfo -tree work when untrusted.
 property WM_NAME	any	ar
 # Allow read of WM_CLASS, but only for windows with WM_NAME.
 # This might be more restrictive than necessary, but demonstrates
 # the <required property> facility, and is also an attempt to
 # say "top level windows only."
 property WM_CLASS	WM_NAME	ar
 # These next three let xlsclients work untrusted.  Think carefully
 # before including these; giving away the client machine name and command
 # may be exposing too much.
 property WM_STATE	WM_NAME	ar
 property WM_CLIENT_MACHINE	WM_NAME	ar
 property WM_COMMAND	WM_NAME	ar
 # To let untrusted clients use the standard colormaps created by
 # xstdcmap, include these lines.
 property RGB_DEFAULT_MAP	root	ar
 property RGB_BEST_MAP	root	ar
 property RGB_RED_MAP	root	ar
 property RGB_GREEN_MAP	root	ar
 property RGB_BLUE_MAP	root	ar
 property RGB_GRAY_MAP	root	ar
 # To let untrusted clients use the color management database created
 # by xcmsdb, include these lines.
 property XDCCC_LINEAR_RGB_CORRECTION	root	ar
 property XDCCC_LINEAR_RGB_MATRICES	root	ar
 property XDCCC_GRAY_SCREENWHITEPOINT	root	ar
 property XDCCC_GRAY_CORRECTION	root	ar
 # To let untrusted clients use the overlay visuals that many vendors
 # support, include this line.
 property SERVER_OVERLAY_VISUALS	root	ar
 # Only trusted extensions can be used by untrusted clients
 trust extension XC-MISC
 trust extension BIG-REQUESTS
 trust extension XpExtension
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -5,7 +5,7 @@ filemandir = $(FILE_MAN_DIR)
 # (i.e. those handled in the os/utils.c options processing instead of in
 #  the DDX-level options processing)
 appman_PRE = Xserver.man.pre
-fileman_PRE = SecurityPolicy.man.pre
+fileman_PRE =
 appman_PROCESSED = $(appman_PRE:man.pre=man)
 fileman_PROCESSED = $(fileman_PRE:man.pre=man)
--- a/doc/SecurityPolicy.man.pre
+++ b/doc/SecurityPolicy.man.pre
@ -1,258 +0,0 @@
 .\" Split out of Xserver.man, which was covered by this notice:
 .\" Copyright 1984 - 1991, 1993, 1994, 1998  The Open Group
 .\"
 .\" Permission to use, copy, modify, distribute, and sell this software and its
 .\" documentation for any purpose is hereby granted without fee, provided that
 .\" the above copyright notice appear in all copies and that both that
 .\" copyright notice and this permission notice appear in supporting
 .\" documentation.
 .\"
 .\" The above copyright notice and this permission notice shall be included
 .\" in all copies or substantial portions of the Software.
 .\"
 .\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 .\" OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 .\" MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 .\" IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
 .\" OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
 .\" ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 .\" OTHER DEALINGS IN THE SOFTWARE.
 .\"
 .\" Except as contained in this notice, the name of The Open Group shall
 .\" not be used in advertising or otherwise to promote the sale, use or
 .\" other dealings in this Software without prior written authorization
 .\" from The Open Group.
 .\" $XFree86: xc/programs/Xserver/Xserver.man,v 3.31 2004/01/10 22:27:46 dawes Exp $
 .\" shorthand for double quote that works everywhere.
 .ds q \N'34'
 .TH SecurityPolicy __filemansuffix__ __xorgversion__
 .SH NAME
 SecurityPolicy \- X Window System SECURITY Extension Policy file format
 .SH DESCRIPTION
 The SECURITY extension to the X Window System uses a policy file to determine
 which operations should be allowed or denied.   The default location for this
 file is
 .IR __projectroot__/lib/xserver/SecurityPolicy .
 .PP
 The syntax of the security policy file is as follows.
 Notation: "*" means zero or more occurrences of the preceding element,
 and "+" means one or more occurrences.  To interpret <foo/bar>, ignore
 the text after the /; it is used to distinguish between instances of
 <foo> in the next section.
 .PP
 .nf
 <policy file> ::= <version line> <other line>*
 <version line> ::= <string/v> '\en'
 <other line > ::= <comment> | <access rule> | <site policy> | <blank line>
 <comment> ::= # <not newline>* '\en'
 <blank line> ::= <space> '\en'
 <site policy> ::= sitepolicy <string/sp> '\en'
 <access rule> ::= property <property/ar> <window> <perms> '\en'
 <property> ::= <string>
 <window> ::= any | root | <required property>
 <required property> ::= <property/rp> | <property with value>
 <property with value> ::= <property/rpv> = <string/rv>
 <perms> ::= [ <operation> | <action> | <space> ]*
 <operation> ::= r | w | d
 <action> ::= a | i | e
 <string> ::= <dbl quoted string> | <single quoted string> | <unquoted string>
 <dbl quoted string> ::= <space> " <not dquote>* " <space>
 <single quoted string> ::= <space> ' <not squote>* ' <space>
 <unquoted string> ::= <space> <not space>+ <space>
 <space> ::= [ ' ' | '\et' ]*
 Character sets:
 <not newline> ::= any character except '\en'
 <not dquote>  ::= any character except "
 <not squote>  ::= any character except '
 <not space>   ::= any character except those in <space>
 .fi
 .PP
 The semantics associated with the above syntax are as follows.
 .PP
 <version line>, the first line in the file, specifies the file format
 version.  If the server does not recognize the version <string/v>, it
 ignores the rest of the file.  The version string for the file format
 described here is "version-1" .
 .PP
 Once past the <version line>, lines that do not match the above syntax
 are ignored.
 .PP
 <comment> lines are ignored.
 .PP
 <sitepolicy> lines are currently ignored.  They are intended to
 specify the site policies used by the XC-QUERY-SECURITY-1
 authorization method.
 .PP
 <access rule> lines specify how the server should react to untrusted
 client requests that affect the X Window property named <property/ar>.
 The rest of this section describes the interpretation of an
 <access rule>.
 .PP
 For an <access rule> to apply to a given instance of <property/ar>,
 <property/ar> must be on a window that is in the set of windows
 specified by <window>.  If <window> is any, the rule applies to
 <property/ar> on any window.  If <window> is root, the rule applies to
 <property/ar> only on root windows.
 .PP
 If <window> is <required property>, the following apply.  If <required
 property> is a <property/rp>, the rule applies when the window also
 has that <property/rp>, regardless of its value.  If <required
 property> is a <property with value>, <property/rpv> must also have
 the value specified by <string/rv>.  In this case, the property must
 have type STRING and format 8, and should contain one or more
 null-terminated strings.  If any of the strings match <string/rv>, the
 rule applies.
 .PP
 The definition of string matching is simple case-sensitive string
 comparison with one elaboration: the occurrence of the character '*' in
 <string/rv> is a wildcard meaning "any string."  A <string/rv> can
 contain multiple wildcards anywhere in the string.  For example, "x*"
 matches strings that begin with x, "*x" matches strings that end with
 x, "*x*" matches strings containing x, and "x*y*" matches strings that
 start with x and subsequently contain y.
 .PP
 There may be multiple <access rule> lines for a given <property/ar>.
 The rules are tested in the order that they appear in the file.  The
 first rule that applies is used.
 .PP
 <perms> specify operations that untrusted clients may attempt, and
 the actions that the server should take in response to those operations.
 .PP
 <operation> can be r (read), w (write), or d (delete).  The following
 table shows how X Protocol property requests map to these operations
 in the X.Org server implementation.
 .PP
 .nf
 GetProperty	r, or r and d if delete = True
 ChangeProperty	w
 RotateProperties	r and w
 DeleteProperty	d
 ListProperties	none, untrusted clients can always list all properties
 .fi
 .PP
 <action> can be a (allow), i (ignore), or e (error).  Allow means
 execute the request as if it had been issued by a trusted client.
 Ignore means treat the request as a no-op.  In the case of
 GetProperty, ignore means return an empty property value if the
 property exists, regardless of its actual value.  Error means do not
 execute the request and return a BadAtom error with the atom set to
 the property name.  Error is the default action for all properties,
 including those not listed in the security policy file.
 .PP
 An <action> applies to all <operation>s that follow it, until the next
 <action> is encountered.  Thus, irwad  means ignore read and write,
 allow delete.
 .PP
 GetProperty and RotateProperties may do multiple operations (r and d,
 or r and w).  If different actions apply to the operations, the most
 severe action is applied to the whole request; there is no partial
 request execution.  The severity ordering is: allow < ignore < error.
 Thus, if the <perms> for a property are ired (ignore read, error
 delete), and an untrusted client attempts GetProperty on that property
 with delete = True, an error is returned, but the property value is
 not.  Similarly, if any of the properties in a RotateProperties do not
 allow both read and write, an error is returned without changing any
 property values.
 .PP
 Here is an example security policy file.
 .PP
 .ta 3i 4i
 .nf
 version-1
 XCOMM Allow reading of application resources, but not writing.
 property RESOURCE_MANAGER	root	ar iw
 property SCREEN_RESOURCES	root	ar iw
 XCOMM Ignore attempts to use cut buffers.  Giving errors causes apps to crash,
 XCOMM and allowing access may give away too much information.
 property CUT_BUFFER0	root	irw
 property CUT_BUFFER1	root	irw
 property CUT_BUFFER2	root	irw
 property CUT_BUFFER3	root	irw
 property CUT_BUFFER4	root	irw
 property CUT_BUFFER5	root	irw
 property CUT_BUFFER6	root	irw
 property CUT_BUFFER7	root	irw
 XCOMM If you are using Motif, you probably want these.
 property _MOTIF_DEFAULT_BINDINGS	root	ar iw
 property _MOTIF_DRAG_WINDOW	root	ar iw
 property _MOTIF_DRAG_TARGETS	any 	ar iw
 property _MOTIF_DRAG_ATOMS	any 	ar iw
 property _MOTIF_DRAG_ATOM_PAIRS	any 	ar iw
 XCOMM The next two rules let xwininfo -tree work when untrusted.
 property WM_NAME	any	ar
 XCOMM Allow read of WM_CLASS, but only for windows with WM_NAME.
 XCOMM This might be more restrictive than necessary, but demonstrates
 XCOMM the <required property> facility, and is also an attempt to
 XCOMM say "top level windows only."
 property WM_CLASS	WM_NAME	ar
 XCOMM These next three let xlsclients work untrusted.  Think carefully
 XCOMM before including these; giving away the client machine name and command
 XCOMM may be exposing too much.
 property WM_STATE	WM_NAME	ar
 property WM_CLIENT_MACHINE	WM_NAME	ar
 property WM_COMMAND	WM_NAME	ar
 XCOMM To let untrusted clients use the standard colormaps created by
 XCOMM xstdcmap, include these lines.
 property RGB_DEFAULT_MAP	root	ar
 property RGB_BEST_MAP	root	ar
 property RGB_RED_MAP	root	ar
 property RGB_GREEN_MAP	root	ar
 property RGB_BLUE_MAP	root	ar
 property RGB_GRAY_MAP	root	ar
 XCOMM To let untrusted clients use the color management database created
 XCOMM by xcmsdb, include these lines.
 property XDCCC_LINEAR_RGB_CORRECTION	root	ar
 property XDCCC_LINEAR_RGB_MATRICES	root	ar
 property XDCCC_GRAY_SCREENWHITEPOINT	root	ar
 property XDCCC_GRAY_CORRECTION	root	ar
 XCOMM To let untrusted clients use the overlay visuals that many vendors
 XCOMM support, include this line.
 property SERVER_OVERLAY_VISUALS	root	ar
 XCOMM Dumb examples to show other capabilities.
 XCOMM oddball property names and explicit specification of error conditions
 property "property with spaces"	'property with "'	aw er ed
 XCOMM Allow deletion of Woo-Hoo if window also has property OhBoy with value
 XCOMM ending in "son".  Reads and writes will cause an error.
 property Woo-Hoo	OhBoy = "*son"	ad
 .fi
 .SH FILES
 .TP 30
 .I __projectroot__/lib/xserver/SecurityPolicy
 Default X server security policy
 .SH "SEE ALSO"
 .PP
 \fIXserver\fp(__appmansuffix__),
 .I "Security Extension Specification"
--- a/doc/Xserver.man.pre
+++ b/doc/Xserver.man.pre
@ -407,15 +407,6 @@ elapse between autorepeat-generated keystrokes).
 .TP 8
 .B \-xkbmap \fIfilename\fP
 loads keyboard description in \fIfilename\fP on server startup.
 .SH SECURITY EXTENSION OPTIONS
 X servers that support the SECURITY extension accept the following option:
 .TP 8
 .B \-sp \fIfilename\fP
 causes the server to attempt to read and interpret filename as a security
 policy file with the format described below.  The file is read at server
 startup and reread at each server reset.
 The syntax of the security policy file is described in 
 \fISecurityPolicy\fP(__filemansuffix__).
 .SH "NETWORK CONNECTIONS"
 The X server supports client connections via a platform-dependent subset of
 the following transport types: TCP\/IP, Unix Domain sockets, DECnet,
@ -580,9 +571,6 @@ Error log file for display number \fBn\fP if run from \fIinit\fP(__adminmansuffi
 .TP 30
 .I __projectroot__/lib/X11/xdm/xdm-errors
 Default error log file if the server is run from \fIxdm\fP(1)
 .TP 30
 .I __projectroot__/lib/xserver/SecurityPolicy
 Default X server security policy
 .SH "SEE ALSO"
 General information: \fIX\fP(__miscmansuffix__)
 .PP
@ -597,7 +585,6 @@ Fonts: \fIbdftopcf\fP(1), \fImkfontdir\fP(1), \fImkfontscale\fP(1),
 .PP
 Security: \fIXsecurity\fP(__miscmansuffix__), \fIxauth\fP(1), \fIXau\fP(1), 
 \fIxdm\fP(1), \fIxhost\fP(1), \fIxfwp\fP(1),
 \fISecurityPolicy\fP(__filemansuffix__),
 .I "Security Extension Specification"
 .PP
 Starting the server: \fIxdm\fP(1), \fIxinit\fP(1)