frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,954 Commits 293 Branches 13 Tags 61 MiB
Commit Graph

360 Commits

Author SHA1 Message Date
Eamon Walsh 9f56fc5806 XSELinux: Add a request to get a client's context from a resource ID. 2008-03-31 17:35:10 -04:00
Eamon Walsh b5f98fcea2 XSELinux: Add xorg.conf option for permissive/enforcing/disabled. 
Patch by Joe Nall.

The option goes in the "extmod" subsection.
TODO: Make it easier for extension modules to handle their own options.
 2008-03-28 14:14:23 -04:00
Adam Jackson 536f2ff538 Bug #13962: Re-arm the DPMS timer when re-enabling DPMS. 2008-03-24 12:22:19 -04:00
Eamon Walsh 3bbd77ff98 XSELinux: Do a check for whether background "None" is allowed. 2008-03-20 20:03:02 -04:00
Eamon Walsh e323bb426c XSELinux: Correctly handle some permission bits that are used more than once. 2008-03-20 19:42:09 -04:00
Alan Coopersmith 060a99444e Make Xevie private symbol names less generic 
Makes it easier to figure out what you're seeing in the stack trace
instead of wondering where in the server "ProcSend" is.
 2008-03-19 16:04:16 -07:00
Alan Coopersmith f37046984d Xevie cleanups, byteswapping fixes & request length check fixes 2008-03-19 14:06:53 -07:00
Eamon Walsh d4101140f4 xselinux: Implement polyinstantiation support and related protocol. 2008-03-04 22:39:41 -05:00
Eamon Walsh cc76ea6e3a XACE: Add generic support for property and selection polyinstantiation. 2008-02-29 18:01:37 -05:00
Eamon Walsh 34bf308a9e dix: Refactoring of selection code to allow for polyinstantiation. 
Introduces dixLookupSelection() API.
Removes NumCurrentSelections from API.
 2008-02-29 18:01:37 -05:00
Eamon Walsh d04ea267a4 xselinux: Don't require device "read" permission for XQueryPointer. 
These keyboard and pointer state polling calls are a real problem.
 2008-02-28 21:53:16 -05:00
Eamon Walsh 3fb17a3e64 xselinux: Log messages to both libaudit and Xorg.0.log. 2008-02-28 21:52:57 -05:00
Eamon Walsh 27bcf40cda XACE: Fix instances of DixUnknownAccess at hook callsites. 2008-02-28 16:43:43 -05:00
Eamon Walsh f616735f17 xselinux: Prefix a few remaining error messages with "SELinux". 2008-02-27 22:48:29 -05:00
Eamon Walsh e40cc5305b xselinux: Don't throw BadAccess if DixUnknownAccess is passed in to a hook. 
The avc will still appear, however, so that the callsite can be fixed.
 2008-02-27 22:48:28 -05:00
Eamon Walsh 3f0681fb0b xselinux: Stub out selection protocol requests. 2008-02-26 23:14:29 -05:00
Eamon Walsh 4632ea2258 xselinux: Rip out the selection code in advance of polyinstantiation support. 
This resolves an issue where BadWindow errors were being thrown.
 2008-02-26 22:00:52 -05:00
Eamon Walsh c8e979b3b8 security: Register resource names in the server-side name registry. 2008-02-26 21:36:46 -05:00
Adam Jackson ee21aba6be Fix Xinerama's consolidated visual handling. 
Formerly the code claimed it could only handle up to 256 visuals, which
was true.  Also true, but not explicitly stated, was that it could only
handle visuals with VID < 256.  If you have enough screens, and subsystems
that add lots of visuals, you can easily run off the end.  (Made worse
because we allocate visual IDs from the same pool as XIDs.)  If your app
then chooses a visual > 256, then the Xinerama code would throw BadMatch
on CreateColormap and your app wouldn't start.

With this change, PanoramiXVisualTable is gone.  Other subsystems that
were using it as a translation table between each screen's visuals now
use a PanoramiXTranslateVisual() helper.
 2008-02-22 15:19:54 -05:00
Eamon Walsh f343265a28 XACE: Make the default window background state configurable per-window. 
To recap: the original XC-SECURITY extension disallowed background "None" if
the window was untrusted.  XACE 1.0 preserved this check as a hook function.
XACE pre-2.0 removed the hook and first abolished background "None entirely,
then restored it as a global on/off switch in response to Bug #13683.
Now it's back to being per-window, via a flag instead of a hook function.
 2008-02-20 15:59:40 -05:00
Eamon Walsh 4573cb2ce4 security: Revise set of permissions granted to untrusted clients. 
Bug #14480: untrusted access broken on 7.3.
 2008-02-13 20:20:49 -05:00
Eamon Walsh e99aadbc26 xselinux: Add use to permission map for devices. 2008-02-13 20:20:49 -05:00
Adam Jackson f3b3b37ec6 Use strerror instead of errno values in user strings. 2008-02-14 07:52:02 +11:00
Adam Jackson 62cfe88638 Redact all mention of PanoramiX from user strings. 2008-02-14 07:11:14 +11:00
Eamon Walsh 0d492b2166 XACE: Move the selection access hook to its own function. 2008-02-12 19:59:10 -05:00
Eamon Walsh 31934132a4 xselinux: Use the device name in debugging output. 2008-02-07 16:32:06 -05:00
Eamon Walsh 6dcb7d732b xselinux: Split devPrivate state into subject and object records. 2008-02-07 16:00:52 -05:00
Eamon Walsh 2259b144f0 xselinux: Add getattr and setattr to the permission map for properties. 2008-02-07 14:35:02 -05:00
Eamon Walsh 5c30327275 XACE: Push the dix "structure" includes down to the security modules. 2008-02-05 21:06:05 -05:00
Eamon Walsh bb1a577a68 XACE: Move the property access hook to its own function. 2008-02-05 20:07:08 -05:00
Eamon Walsh e915a26397 xselinux: Move the extension to extmod instead of being built-in. 2008-01-25 19:22:19 -05:00
Eamon Walsh f6a78ee143 XACE: Remove the extension code entirely, XACE is completely static now. 2008-01-25 18:04:10 -05:00
Eamon Walsh 7724c30a75 XACE: Stop using fake requestVectors in favor of a simple hook call. 2008-01-25 17:28:17 -05:00
Eamon Walsh f82329b081 XACE: Don't need to actually register a protocol extension. 2008-01-25 16:20:46 -05:00
Eamon Walsh 46794d0c96 xselinux: Rename SelectionManager to more generic SecurityManager. 2008-01-24 19:49:13 -05:00
Eamon Walsh 6ffeecabb7 xselinux: Use a privileged bit in the state instead of passing an index 
to the permission checking function.
 2008-01-24 18:11:49 -05:00
Eamon Walsh 7ba8e97cba xselinux: Implement "get context" protocol requests. 2008-01-24 19:09:58 -05:00
Eamon Walsh f0bf9a5231 xselinux: Whitespace fixups. 2008-01-24 19:02:35 -05:00
Matthias Hopf be6c17fcf9 CVE-2007-6429: Always test for size+offset wrapping. 2008-01-21 16:13:21 +01:00
Adam Jackson e9fa7c1c88 CVE-2007-6429: Don't spuriously reject <8bpp shm pixmaps. 
Move size validation after depth validation, and only validate size if
the bpp of the pixmap format is > 8.  If bpp < 8 then we're already
protected from overflow by the width and height checks.
 2008-01-18 14:41:20 -05:00
Matthieu Herrb 6de61f8272 Fix for CVE-2007-6429 - MIT-SHM and EVI extensions integer overflows. 2008-01-17 15:28:42 +01:00
Matthieu Herrb 7dc1717ff0 Fix for CVE-2007-6428 - TOG-cup extension memory corruption. 2008-01-17 15:28:03 +01:00
Michel Dänzer e46f6ddecc Yet another Xv extension byte swapping fix. 2008-01-16 14:24:22 +01:00
Alan Coopersmith 6844bd2e63 More Xv extension byte swapping fixes 2008-01-09 19:52:00 -08:00
Richard Purdie c31aead0fe [Kdrive] make XCalibrate 'orientation aware' 2008-01-08 12:31:47 +01:00
Eamon Walsh 39cb782f28 XACE: DeleteCallbackList zeroes out its argument so don't do it twice. 2008-01-03 23:17:06 -05:00
Eamon Walsh cd0603c2dc Bug #13765: Heap corruption in XC-SECURITY extension code. 2008-01-03 21:41:02 -05:00
Eamon Walsh 17a9714a67 Bug #13794: Update MBE extension devPrivates to new interface. 2008-01-03 14:46:54 -05:00
Alan Coopersmith dfd682b582 X.Org bug 4947/Sun bug 6646626: Xv extension not byte-swapping properly 
X.Org Bugzilla #4947 <https://bugs.freedesktop.org/show_bug.cgi?id=4947>
Sun bug 6646626 <http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6646626>

Don't use swapped data after swapping it.   When done swapping data,
send the swapped data, not the address of the pointer to it, to the client.
 2008-01-02 19:27:22 -08:00
Eamon Walsh 3b23dd9fd4 xselinux: Fix whitespace warnings. 2007-12-28 13:29:45 -05:00