From df56b26ed49b96c79924da6728e17e36ba8b6282 Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Mon, 24 Mar 2025 00:26:20 +0100
Subject: [PATCH] Xnamespace: whitelist resource access for serverClient

The server itself is allowed to access anything w/o restrictions.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 Xext/namespace/hook-resource.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Xext/namespace/hook-resource.c b/Xext/namespace/hook-resource.c
index e5a131a59..55b0bd30d 100644
--- a/Xext/namespace/hook-resource.c
+++ b/Xext/namespace/hook-resource.c
@@ -15,6 +15,10 @@ void hookResourceAccess(CallbackListPtr *pcbl, void *unused, void *calldata)
     ClientPtr owner = dixLookupXIDOwner(param->id);
     struct XnamespaceClientPriv *obj = XnsClientPriv(owner);
 
+    // server can do anything
+    if (param->client == serverClient)
+        goto pass;
+
     // special filtering for windows: block transparency for untrusted clients
     if (param->rtype == X11_RESTYPE_WINDOW) {
         WindowPtr pWindow = (WindowPtr) param->res;