Contents of /trunk/xorg-server/patches/xorg-server-1.17.1-CVE-2015-3164.patch
Parent Directory | Revision Log
Revision 2575 -
(show annotations)
(download)
Mon Jun 15 12:22:48 2015 UTC (9 years, 3 months ago) by niro
File size: 28091 byte(s)
Mon Jun 15 12:22:48 2015 UTC (9 years, 3 months ago) by niro
File size: 28091 byte(s)
-serveral upstream patches
1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
2 | "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
3 | <html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'> |
4 | <head> |
5 | <title>svntogit/packages.git - Git clone of the 'packages' repository |
6 | </title> |
7 | <meta name='generator' content='cgit v0.10.2'/> |
8 | <meta name='robots' content='index, nofollow'/> |
9 | <link rel='stylesheet' type='text/css' href='/cgit.css'/> |
10 | <link rel='shortcut icon' href='/favicon.ico'/> |
11 | <link rel='alternate' title='Atom feed' href='https://projects.archlinux.org/svntogit/packages.git/atom/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server' type='application/atom+xml'/> |
12 | <link rel='vcs-git' href='git://projects.archlinux.org/svntogit/packages.git' title='svntogit/packages.git Git repository'/> |
13 | <link rel='vcs-git' href='http://projects.archlinux.org/git/svntogit/packages.git' title='svntogit/packages.git Git repository'/> |
14 | <link rel='vcs-git' href='https://projects.archlinux.org/git/svntogit/packages.git' title='svntogit/packages.git Git repository'/> |
15 | <link rel='vcs-git' href='ssh://gerolde.archlinux.org/srv/projects/git/svntogit/packages.git' title='svntogit/packages.git Git repository'/> |
16 | </head> |
17 | <body> |
18 | <div id="archnavbar"><!-- Arch Linux global navigation bar --> |
19 | <div id="archnavbarlogo"> |
20 | <p><a href="http://www.archlinux.org/" title="Arch news, packages, projects and more"></a></p> |
21 | </div> |
22 | <div id="archnavbarmenu"> |
23 | <ul id="archnavbarlist"> |
24 | <li id="anb-home"><a href="http://www.archlinux.org/" title="Arch news, packages, projects and more">Home</a></li> |
25 | <li id="anb-packages"><a href="http://www.archlinux.org/packages/" title="Arch Package Database">Packages</a></li> |
26 | <li id="anb-forums"><a href="https://bbs.archlinux.org/" title="Community forums">Forums</a></li> |
27 | <li id="anb-wiki"><a href="https://wiki.archlinux.org/" title="Community documentation">Wiki</a></li> |
28 | <li id="anb-bugs"><a href="https://bugs.archlinux.org/" title="Report and follow bugs">Bugs</a></li> |
29 | <li id="anb-aur"><a href="https://aur.archlinux.org/" title="Arch Linux User Repository">AUR</a></li> |
30 | <li id="anb-download"><a href="http://www.archlinux.org/download/" title="Get Arch Linux">Download</a></li> |
31 | </ul> |
32 | </div> |
33 | </div><!-- #archnavbar --> |
34 | <div id='cgit'><table id='header'> |
35 | <tr> |
36 | <td class='main'><a href='/'>index</a> : <a title='svntogit/packages.git' href='/svntogit/packages.git/'>svntogit/packages.git</a></td></tr> |
37 | <tr><td class='sub'>Git clone of the 'packages' repository |
38 | </td><td class='sub right'></td></tr></table> |
39 | <table class='tabs'><tr><td> |
40 | <a href='/svntogit/packages.git/?h=packages/xorg-server'>summary</a><a href='/svntogit/packages.git/refs/?h=packages/xorg-server'>refs</a><a href='/svntogit/packages.git/log/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>log</a><a class='active' href='/svntogit/packages.git/tree/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>tree</a><a href='/svntogit/packages.git/commit/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>commit</a><a href='/svntogit/packages.git/diff/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>diff</a><a href='/svntogit/packages.git/stats/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>stats</a></td><td class='form'><form class='right' method='get' action='/svntogit/packages.git/log/trunk/fix-CVE-2015-3164.patch'> |
41 | <input type='hidden' name='h' value='packages/xorg-server'/><select name='qt'> |
42 | <option value='grep'>log msg</option> |
43 | <option value='author'>author</option> |
44 | <option value='committer'>committer</option> |
45 | <option value='range'>range</option> |
46 | </select> |
47 | <input class='txt' type='text' size='10' name='q' value=''/> |
48 | <input type='submit' value='search'/> |
49 | </form> |
50 | </td></tr></table> |
51 | <div class='path'>path: <a href='/svntogit/packages.git/tree/?h=packages/xorg-server'>root</a>/<a href='/svntogit/packages.git/tree/trunk?h=packages/xorg-server'>trunk</a>/<a href='/svntogit/packages.git/tree/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>fix-CVE-2015-3164.patch</a></div><div class='content'>blob: e2ee1297323db4493e3babf9baf8f536463c61fb (<a href='/svntogit/packages.git/plain/trunk/fix-CVE-2015-3164.patch?h=packages/xorg-server'>plain</a>) |
52 | <table summary='blob content' class='blob'> |
53 | <tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a> |
54 | <a id='n2' href='#n2'>2</a> |
55 | <a id='n3' href='#n3'>3</a> |
56 | <a id='n4' href='#n4'>4</a> |
57 | <a id='n5' href='#n5'>5</a> |
58 | <a id='n6' href='#n6'>6</a> |
59 | <a id='n7' href='#n7'>7</a> |
60 | <a id='n8' href='#n8'>8</a> |
61 | <a id='n9' href='#n9'>9</a> |
62 | <a id='n10' href='#n10'>10</a> |
63 | <a id='n11' href='#n11'>11</a> |
64 | <a id='n12' href='#n12'>12</a> |
65 | <a id='n13' href='#n13'>13</a> |
66 | <a id='n14' href='#n14'>14</a> |
67 | <a id='n15' href='#n15'>15</a> |
68 | <a id='n16' href='#n16'>16</a> |
69 | <a id='n17' href='#n17'>17</a> |
70 | <a id='n18' href='#n18'>18</a> |
71 | <a id='n19' href='#n19'>19</a> |
72 | <a id='n20' href='#n20'>20</a> |
73 | <a id='n21' href='#n21'>21</a> |
74 | <a id='n22' href='#n22'>22</a> |
75 | <a id='n23' href='#n23'>23</a> |
76 | <a id='n24' href='#n24'>24</a> |
77 | <a id='n25' href='#n25'>25</a> |
78 | <a id='n26' href='#n26'>26</a> |
79 | <a id='n27' href='#n27'>27</a> |
80 | <a id='n28' href='#n28'>28</a> |
81 | <a id='n29' href='#n29'>29</a> |
82 | <a id='n30' href='#n30'>30</a> |
83 | <a id='n31' href='#n31'>31</a> |
84 | <a id='n32' href='#n32'>32</a> |
85 | <a id='n33' href='#n33'>33</a> |
86 | <a id='n34' href='#n34'>34</a> |
87 | <a id='n35' href='#n35'>35</a> |
88 | <a id='n36' href='#n36'>36</a> |
89 | <a id='n37' href='#n37'>37</a> |
90 | <a id='n38' href='#n38'>38</a> |
91 | <a id='n39' href='#n39'>39</a> |
92 | <a id='n40' href='#n40'>40</a> |
93 | <a id='n41' href='#n41'>41</a> |
94 | <a id='n42' href='#n42'>42</a> |
95 | <a id='n43' href='#n43'>43</a> |
96 | <a id='n44' href='#n44'>44</a> |
97 | <a id='n45' href='#n45'>45</a> |
98 | <a id='n46' href='#n46'>46</a> |
99 | <a id='n47' href='#n47'>47</a> |
100 | <a id='n48' href='#n48'>48</a> |
101 | <a id='n49' href='#n49'>49</a> |
102 | <a id='n50' href='#n50'>50</a> |
103 | <a id='n51' href='#n51'>51</a> |
104 | <a id='n52' href='#n52'>52</a> |
105 | <a id='n53' href='#n53'>53</a> |
106 | <a id='n54' href='#n54'>54</a> |
107 | <a id='n55' href='#n55'>55</a> |
108 | <a id='n56' href='#n56'>56</a> |
109 | <a id='n57' href='#n57'>57</a> |
110 | <a id='n58' href='#n58'>58</a> |
111 | <a id='n59' href='#n59'>59</a> |
112 | <a id='n60' href='#n60'>60</a> |
113 | <a id='n61' href='#n61'>61</a> |
114 | <a id='n62' href='#n62'>62</a> |
115 | <a id='n63' href='#n63'>63</a> |
116 | <a id='n64' href='#n64'>64</a> |
117 | <a id='n65' href='#n65'>65</a> |
118 | <a id='n66' href='#n66'>66</a> |
119 | <a id='n67' href='#n67'>67</a> |
120 | <a id='n68' href='#n68'>68</a> |
121 | <a id='n69' href='#n69'>69</a> |
122 | <a id='n70' href='#n70'>70</a> |
123 | <a id='n71' href='#n71'>71</a> |
124 | <a id='n72' href='#n72'>72</a> |
125 | <a id='n73' href='#n73'>73</a> |
126 | <a id='n74' href='#n74'>74</a> |
127 | <a id='n75' href='#n75'>75</a> |
128 | <a id='n76' href='#n76'>76</a> |
129 | <a id='n77' href='#n77'>77</a> |
130 | <a id='n78' href='#n78'>78</a> |
131 | <a id='n79' href='#n79'>79</a> |
132 | <a id='n80' href='#n80'>80</a> |
133 | <a id='n81' href='#n81'>81</a> |
134 | <a id='n82' href='#n82'>82</a> |
135 | <a id='n83' href='#n83'>83</a> |
136 | <a id='n84' href='#n84'>84</a> |
137 | <a id='n85' href='#n85'>85</a> |
138 | <a id='n86' href='#n86'>86</a> |
139 | <a id='n87' href='#n87'>87</a> |
140 | <a id='n88' href='#n88'>88</a> |
141 | <a id='n89' href='#n89'>89</a> |
142 | <a id='n90' href='#n90'>90</a> |
143 | <a id='n91' href='#n91'>91</a> |
144 | <a id='n92' href='#n92'>92</a> |
145 | <a id='n93' href='#n93'>93</a> |
146 | <a id='n94' href='#n94'>94</a> |
147 | <a id='n95' href='#n95'>95</a> |
148 | <a id='n96' href='#n96'>96</a> |
149 | <a id='n97' href='#n97'>97</a> |
150 | <a id='n98' href='#n98'>98</a> |
151 | <a id='n99' href='#n99'>99</a> |
152 | <a id='n100' href='#n100'>100</a> |
153 | <a id='n101' href='#n101'>101</a> |
154 | <a id='n102' href='#n102'>102</a> |
155 | <a id='n103' href='#n103'>103</a> |
156 | <a id='n104' href='#n104'>104</a> |
157 | <a id='n105' href='#n105'>105</a> |
158 | <a id='n106' href='#n106'>106</a> |
159 | <a id='n107' href='#n107'>107</a> |
160 | <a id='n108' href='#n108'>108</a> |
161 | <a id='n109' href='#n109'>109</a> |
162 | <a id='n110' href='#n110'>110</a> |
163 | <a id='n111' href='#n111'>111</a> |
164 | <a id='n112' href='#n112'>112</a> |
165 | <a id='n113' href='#n113'>113</a> |
166 | <a id='n114' href='#n114'>114</a> |
167 | <a id='n115' href='#n115'>115</a> |
168 | <a id='n116' href='#n116'>116</a> |
169 | <a id='n117' href='#n117'>117</a> |
170 | <a id='n118' href='#n118'>118</a> |
171 | <a id='n119' href='#n119'>119</a> |
172 | <a id='n120' href='#n120'>120</a> |
173 | <a id='n121' href='#n121'>121</a> |
174 | <a id='n122' href='#n122'>122</a> |
175 | <a id='n123' href='#n123'>123</a> |
176 | <a id='n124' href='#n124'>124</a> |
177 | <a id='n125' href='#n125'>125</a> |
178 | <a id='n126' href='#n126'>126</a> |
179 | <a id='n127' href='#n127'>127</a> |
180 | <a id='n128' href='#n128'>128</a> |
181 | <a id='n129' href='#n129'>129</a> |
182 | <a id='n130' href='#n130'>130</a> |
183 | <a id='n131' href='#n131'>131</a> |
184 | <a id='n132' href='#n132'>132</a> |
185 | <a id='n133' href='#n133'>133</a> |
186 | <a id='n134' href='#n134'>134</a> |
187 | <a id='n135' href='#n135'>135</a> |
188 | <a id='n136' href='#n136'>136</a> |
189 | <a id='n137' href='#n137'>137</a> |
190 | <a id='n138' href='#n138'>138</a> |
191 | <a id='n139' href='#n139'>139</a> |
192 | <a id='n140' href='#n140'>140</a> |
193 | <a id='n141' href='#n141'>141</a> |
194 | <a id='n142' href='#n142'>142</a> |
195 | <a id='n143' href='#n143'>143</a> |
196 | <a id='n144' href='#n144'>144</a> |
197 | <a id='n145' href='#n145'>145</a> |
198 | <a id='n146' href='#n146'>146</a> |
199 | <a id='n147' href='#n147'>147</a> |
200 | <a id='n148' href='#n148'>148</a> |
201 | <a id='n149' href='#n149'>149</a> |
202 | <a id='n150' href='#n150'>150</a> |
203 | <a id='n151' href='#n151'>151</a> |
204 | <a id='n152' href='#n152'>152</a> |
205 | <a id='n153' href='#n153'>153</a> |
206 | <a id='n154' href='#n154'>154</a> |
207 | <a id='n155' href='#n155'>155</a> |
208 | <a id='n156' href='#n156'>156</a> |
209 | <a id='n157' href='#n157'>157</a> |
210 | <a id='n158' href='#n158'>158</a> |
211 | <a id='n159' href='#n159'>159</a> |
212 | <a id='n160' href='#n160'>160</a> |
213 | <a id='n161' href='#n161'>161</a> |
214 | <a id='n162' href='#n162'>162</a> |
215 | <a id='n163' href='#n163'>163</a> |
216 | <a id='n164' href='#n164'>164</a> |
217 | <a id='n165' href='#n165'>165</a> |
218 | <a id='n166' href='#n166'>166</a> |
219 | <a id='n167' href='#n167'>167</a> |
220 | <a id='n168' href='#n168'>168</a> |
221 | <a id='n169' href='#n169'>169</a> |
222 | <a id='n170' href='#n170'>170</a> |
223 | <a id='n171' href='#n171'>171</a> |
224 | <a id='n172' href='#n172'>172</a> |
225 | <a id='n173' href='#n173'>173</a> |
226 | <a id='n174' href='#n174'>174</a> |
227 | <a id='n175' href='#n175'>175</a> |
228 | <a id='n176' href='#n176'>176</a> |
229 | <a id='n177' href='#n177'>177</a> |
230 | <a id='n178' href='#n178'>178</a> |
231 | <a id='n179' href='#n179'>179</a> |
232 | <a id='n180' href='#n180'>180</a> |
233 | <a id='n181' href='#n181'>181</a> |
234 | <a id='n182' href='#n182'>182</a> |
235 | <a id='n183' href='#n183'>183</a> |
236 | <a id='n184' href='#n184'>184</a> |
237 | <a id='n185' href='#n185'>185</a> |
238 | <a id='n186' href='#n186'>186</a> |
239 | <a id='n187' href='#n187'>187</a> |
240 | <a id='n188' href='#n188'>188</a> |
241 | <a id='n189' href='#n189'>189</a> |
242 | <a id='n190' href='#n190'>190</a> |
243 | <a id='n191' href='#n191'>191</a> |
244 | <a id='n192' href='#n192'>192</a> |
245 | <a id='n193' href='#n193'>193</a> |
246 | <a id='n194' href='#n194'>194</a> |
247 | <a id='n195' href='#n195'>195</a> |
248 | <a id='n196' href='#n196'>196</a> |
249 | <a id='n197' href='#n197'>197</a> |
250 | <a id='n198' href='#n198'>198</a> |
251 | <a id='n199' href='#n199'>199</a> |
252 | <a id='n200' href='#n200'>200</a> |
253 | <a id='n201' href='#n201'>201</a> |
254 | <a id='n202' href='#n202'>202</a> |
255 | <a id='n203' href='#n203'>203</a> |
256 | <a id='n204' href='#n204'>204</a> |
257 | <a id='n205' href='#n205'>205</a> |
258 | <a id='n206' href='#n206'>206</a> |
259 | <a id='n207' href='#n207'>207</a> |
260 | <a id='n208' href='#n208'>208</a> |
261 | <a id='n209' href='#n209'>209</a> |
262 | <a id='n210' href='#n210'>210</a> |
263 | <a id='n211' href='#n211'>211</a> |
264 | <a id='n212' href='#n212'>212</a> |
265 | <a id='n213' href='#n213'>213</a> |
266 | <a id='n214' href='#n214'>214</a> |
267 | <a id='n215' href='#n215'>215</a> |
268 | <a id='n216' href='#n216'>216</a> |
269 | <a id='n217' href='#n217'>217</a> |
270 | <a id='n218' href='#n218'>218</a> |
271 | <a id='n219' href='#n219'>219</a> |
272 | <a id='n220' href='#n220'>220</a> |
273 | <a id='n221' href='#n221'>221</a> |
274 | <a id='n222' href='#n222'>222</a> |
275 | <a id='n223' href='#n223'>223</a> |
276 | <a id='n224' href='#n224'>224</a> |
277 | <a id='n225' href='#n225'>225</a> |
278 | <a id='n226' href='#n226'>226</a> |
279 | <a id='n227' href='#n227'>227</a> |
280 | <a id='n228' href='#n228'>228</a> |
281 | <a id='n229' href='#n229'>229</a> |
282 | <a id='n230' href='#n230'>230</a> |
283 | <a id='n231' href='#n231'>231</a> |
284 | <a id='n232' href='#n232'>232</a> |
285 | <a id='n233' href='#n233'>233</a> |
286 | <a id='n234' href='#n234'>234</a> |
287 | <a id='n235' href='#n235'>235</a> |
288 | <a id='n236' href='#n236'>236</a> |
289 | <a id='n237' href='#n237'>237</a> |
290 | <a id='n238' href='#n238'>238</a> |
291 | <a id='n239' href='#n239'>239</a> |
292 | <a id='n240' href='#n240'>240</a> |
293 | <a id='n241' href='#n241'>241</a> |
294 | <a id='n242' href='#n242'>242</a> |
295 | <a id='n243' href='#n243'>243</a> |
296 | <a id='n244' href='#n244'>244</a> |
297 | <a id='n245' href='#n245'>245</a> |
298 | <a id='n246' href='#n246'>246</a> |
299 | <a id='n247' href='#n247'>247</a> |
300 | <a id='n248' href='#n248'>248</a> |
301 | <a id='n249' href='#n249'>249</a> |
302 | <a id='n250' href='#n250'>250</a> |
303 | <a id='n251' href='#n251'>251</a> |
304 | <a id='n252' href='#n252'>252</a> |
305 | <a id='n253' href='#n253'>253</a> |
306 | <a id='n254' href='#n254'>254</a> |
307 | <a id='n255' href='#n255'>255</a> |
308 | <a id='n256' href='#n256'>256</a> |
309 | <a id='n257' href='#n257'>257</a> |
310 | <a id='n258' href='#n258'>258</a> |
311 | <a id='n259' href='#n259'>259</a> |
312 | <a id='n260' href='#n260'>260</a> |
313 | <a id='n261' href='#n261'>261</a> |
314 | <a id='n262' href='#n262'>262</a> |
315 | <a id='n263' href='#n263'>263</a> |
316 | <a id='n264' href='#n264'>264</a> |
317 | <a id='n265' href='#n265'>265</a> |
318 | <a id='n266' href='#n266'>266</a> |
319 | <a id='n267' href='#n267'>267</a> |
320 | <a id='n268' href='#n268'>268</a> |
321 | <a id='n269' href='#n269'>269</a> |
322 | <a id='n270' href='#n270'>270</a> |
323 | <a id='n271' href='#n271'>271</a> |
324 | <a id='n272' href='#n272'>272</a> |
325 | <a id='n273' href='#n273'>273</a> |
326 | <a id='n274' href='#n274'>274</a> |
327 | <a id='n275' href='#n275'>275</a> |
328 | <a id='n276' href='#n276'>276</a> |
329 | <a id='n277' href='#n277'>277</a> |
330 | <a id='n278' href='#n278'>278</a> |
331 | <a id='n279' href='#n279'>279</a> |
332 | <a id='n280' href='#n280'>280</a> |
333 | <a id='n281' href='#n281'>281</a> |
334 | <a id='n282' href='#n282'>282</a> |
335 | <a id='n283' href='#n283'>283</a> |
336 | <a id='n284' href='#n284'>284</a> |
337 | <a id='n285' href='#n285'>285</a> |
338 | <a id='n286' href='#n286'>286</a> |
339 | <a id='n287' href='#n287'>287</a> |
340 | <a id='n288' href='#n288'>288</a> |
341 | <a id='n289' href='#n289'>289</a> |
342 | <a id='n290' href='#n290'>290</a> |
343 | <a id='n291' href='#n291'>291</a> |
344 | <a id='n292' href='#n292'>292</a> |
345 | <a id='n293' href='#n293'>293</a> |
346 | <a id='n294' href='#n294'>294</a> |
347 | <a id='n295' href='#n295'>295</a> |
348 | <a id='n296' href='#n296'>296</a> |
349 | <a id='n297' href='#n297'>297</a> |
350 | <a id='n298' href='#n298'>298</a> |
351 | <a id='n299' href='#n299'>299</a> |
352 | <a id='n300' href='#n300'>300</a> |
353 | <a id='n301' href='#n301'>301</a> |
354 | <a id='n302' href='#n302'>302</a> |
355 | <a id='n303' href='#n303'>303</a> |
356 | <a id='n304' href='#n304'>304</a> |
357 | <a id='n305' href='#n305'>305</a> |
358 | <a id='n306' href='#n306'>306</a> |
359 | <a id='n307' href='#n307'>307</a> |
360 | <a id='n308' href='#n308'>308</a> |
361 | <a id='n309' href='#n309'>309</a> |
362 | <a id='n310' href='#n310'>310</a> |
363 | <a id='n311' href='#n311'>311</a> |
364 | </pre></td> |
365 | <td class='lines'><pre><code>From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001 |
366 | From: Ray Strode <rstrode@redhat.com> |
367 | Date: Tue, 5 May 2015 16:43:42 -0400 |
368 | Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3] |
369 | |
370 | Xwayland currently allows wide-open access to the X sockets |
371 | it listens on, ignoring Xauth access control. |
372 | |
373 | This commit makes sure to enable access control on the sockets, |
374 | so one user can't snoop on another user's X-over-wayland |
375 | applications. |
376 | |
377 | Signed-off-by: Ray Strode <rstrode@redhat.com> |
378 | Reviewed-by: Daniel Stone <daniels@collabora.com> |
379 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> |
380 | Signed-off-by: Keith Packard <keithp@keithp.com> |
381 | |
382 | diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c |
383 | index 7e8d667..c5bee77 100644 |
384 | <span class="hl kwb">--- a/hw/xwayland/xwayland.c</span> |
385 | <span class="hl kwa">+++ b/hw/xwayland/xwayland.c</span> |
386 | @@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen) |
387 | int i; |
388 | |
389 | for (i = 0; i < xwl_screen->listen_fd_count; i++) |
390 | <span class="hl kwb">- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);</span> |
391 | <span class="hl kwa">+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);</span> |
392 | } |
393 | |
394 | static void |
395 | <span class="hl kwb">-- </span> |
396 | cgit v0.10.2 |
397 | From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001 |
398 | From: Ray Strode <rstrode@redhat.com> |
399 | Date: Tue, 5 May 2015 16:43:43 -0400 |
400 | Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3] |
401 | |
402 | If the X server is started without a '-auth' argument, then |
403 | it gets started wide open to all local users on the system. |
404 | |
405 | This isn't a great default access model, but changing it in |
406 | Xorg at this point would break backward compatibility. |
407 | |
408 | Xwayland, on the other hand is new, and much more targeted |
409 | in scope. It could, in theory, be changed to allow the much |
410 | more secure default of a "user who started X server can connect |
411 | clients to that server." |
412 | |
413 | This commit paves the way for that change, by adding a mechanism |
414 | for DDXs to opt-in to that behavior. They merely need to call |
415 | |
416 | LocalAccessScopeUser() |
417 | |
418 | in their init functions. |
419 | |
420 | A subsequent commit will add that call for Xwayland. |
421 | |
422 | Signed-off-by: Ray Strode <rstrode@redhat.com> |
423 | Reviewed-by: Daniel Stone <daniels@collabora.com> |
424 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> |
425 | Signed-off-by: Keith Packard <keithp@keithp.com> |
426 | |
427 | diff --git a/include/os.h b/include/os.h |
428 | index 6638c84..b2b96c8 100644 |
429 | <span class="hl kwb">--- a/include/os.h</span> |
430 | <span class="hl kwa">+++ b/include/os.h</span> |
431 | @@ -431,11 +431,28 @@ extern _X_EXPORT void |
432 | ResetHosts(const char *display); |
433 | |
434 | extern _X_EXPORT void |
435 | <span class="hl kwa">+EnableLocalAccess(void);</span> |
436 | <span class="hl kwa">+</span> |
437 | <span class="hl kwa">+extern _X_EXPORT void</span> |
438 | <span class="hl kwa">+DisableLocalAccess(void);</span> |
439 | <span class="hl kwa">+</span> |
440 | <span class="hl kwa">+extern _X_EXPORT void</span> |
441 | EnableLocalHost(void); |
442 | |
443 | extern _X_EXPORT void |
444 | DisableLocalHost(void); |
445 | |
446 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> |
447 | <span class="hl kwa">+extern _X_EXPORT void</span> |
448 | <span class="hl kwa">+EnableLocalUser(void);</span> |
449 | <span class="hl kwa">+</span> |
450 | <span class="hl kwa">+extern _X_EXPORT void</span> |
451 | <span class="hl kwa">+DisableLocalUser(void);</span> |
452 | <span class="hl kwa">+</span> |
453 | <span class="hl kwa">+extern _X_EXPORT void</span> |
454 | <span class="hl kwa">+LocalAccessScopeUser(void);</span> |
455 | <span class="hl kwa">+#endif</span> |
456 | <span class="hl kwa">+</span> |
457 | extern _X_EXPORT void |
458 | AccessUsingXdmcp(void); |
459 | |
460 | diff --git a/os/access.c b/os/access.c |
461 | index 8fa028e..75e7a69 100644 |
462 | <span class="hl kwb">--- a/os/access.c</span> |
463 | <span class="hl kwa">+++ b/os/access.c</span> |
464 | @@ -102,6 +102,10 @@ SOFTWARE. |
465 | #include <sys/ioctl.h> |
466 | #include <ctype.h> |
467 | |
468 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> |
469 | <span class="hl kwa">+#include <pwd.h></span> |
470 | <span class="hl kwa">+#endif</span> |
471 | <span class="hl kwa">+</span> |
472 | #if defined(TCPCONN) || defined(STREAMSCONN) |
473 | #include <netinet/in.h> |
474 | #endif /* TCPCONN || STREAMSCONN */ |
475 | @@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE; |
476 | static int LocalHostRequested = FALSE; |
477 | static int UsingXdmcp = FALSE; |
478 | |
479 | <span class="hl kwa">+static enum {</span> |
480 | <span class="hl kwa">+ LOCAL_ACCESS_SCOPE_HOST = 0,</span> |
481 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> |
482 | <span class="hl kwa">+ LOCAL_ACCESS_SCOPE_USER,</span> |
483 | <span class="hl kwa">+#endif</span> |
484 | <span class="hl kwa">+} LocalAccessScope;</span> |
485 | <span class="hl kwa">+</span> |
486 | /* FamilyServerInterpreted implementation */ |
487 | static Bool siAddrMatch(int family, void *addr, int len, HOST * host, |
488 | ClientPtr client); |
489 | @@ -237,6 +248,21 @@ static void siTypesInitialize(void); |
490 | */ |
491 | |
492 | void |
493 | <span class="hl kwa">+EnableLocalAccess(void)</span> |
494 | <span class="hl kwa">+{</span> |
495 | <span class="hl kwa">+ switch (LocalAccessScope) {</span> |
496 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_HOST:</span> |
497 | <span class="hl kwa">+ EnableLocalHost();</span> |
498 | <span class="hl kwa">+ break;</span> |
499 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> |
500 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_USER:</span> |
501 | <span class="hl kwa">+ EnableLocalUser();</span> |
502 | <span class="hl kwa">+ break;</span> |
503 | <span class="hl kwa">+#endif</span> |
504 | <span class="hl kwa">+ }</span> |
505 | <span class="hl kwa">+}</span> |
506 | <span class="hl kwa">+</span> |
507 | <span class="hl kwa">+void</span> |
508 | EnableLocalHost(void) |
509 | { |
510 | if (!UsingXdmcp) { |
511 | @@ -249,6 +275,21 @@ EnableLocalHost(void) |
512 | * called when authorization is enabled to keep us secure |
513 | */ |
514 | void |
515 | <span class="hl kwa">+DisableLocalAccess(void)</span> |
516 | <span class="hl kwa">+{</span> |
517 | <span class="hl kwa">+ switch (LocalAccessScope) {</span> |
518 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_HOST:</span> |
519 | <span class="hl kwa">+ DisableLocalHost();</span> |
520 | <span class="hl kwa">+ break;</span> |
521 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> |
522 | <span class="hl kwa">+ case LOCAL_ACCESS_SCOPE_USER:</span> |
523 | <span class="hl kwa">+ DisableLocalUser();</span> |
524 | <span class="hl kwa">+ break;</span> |
525 | <span class="hl kwa">+#endif</span> |
526 | <span class="hl kwa">+ }</span> |
527 | <span class="hl kwa">+}</span> |
528 | <span class="hl kwa">+</span> |
529 | <span class="hl kwa">+void</span> |
530 | DisableLocalHost(void) |
531 | { |
532 | HOST *self; |
533 | @@ -262,6 +303,74 @@ DisableLocalHost(void) |
534 | } |
535 | } |
536 | |
537 | <span class="hl kwa">+#ifndef NO_LOCAL_CLIENT_CRED</span> |
538 | <span class="hl kwa">+static int GetLocalUserAddr(char **addr)</span> |
539 | <span class="hl kwa">+{</span> |
540 | <span class="hl kwa">+ static const char *type = "localuser";</span> |
541 | <span class="hl kwa">+ static const char delimiter = '\0';</span> |
542 | <span class="hl kwa">+ static const char *value;</span> |
543 | <span class="hl kwa">+ struct passwd *pw;</span> |
544 | <span class="hl kwa">+ int length = -1;</span> |
545 | <span class="hl kwa">+</span> |
546 | <span class="hl kwa">+ pw = getpwuid(getuid());</span> |
547 | <span class="hl kwa">+</span> |
548 | <span class="hl kwa">+ if (pw == NULL || pw->pw_name == NULL)</span> |
549 | <span class="hl kwa">+ goto out;</span> |
550 | <span class="hl kwa">+</span> |
551 | <span class="hl kwa">+ value = pw->pw_name;</span> |
552 | <span class="hl kwa">+</span> |
553 | <span class="hl kwa">+ length = asprintf(addr, "%s%c%s", type, delimiter, value);</span> |
554 | <span class="hl kwa">+</span> |
555 | <span class="hl kwa">+ if (length == -1) {</span> |
556 | <span class="hl kwa">+ goto out;</span> |
557 | <span class="hl kwa">+ }</span> |
558 | <span class="hl kwa">+</span> |
559 | <span class="hl kwa">+ /* Trailing NUL */</span> |
560 | <span class="hl kwa">+ length++;</span> |
561 | <span class="hl kwa">+</span> |
562 | <span class="hl kwa">+out:</span> |
563 | <span class="hl kwa">+ return length;</span> |
564 | <span class="hl kwa">+}</span> |
565 | <span class="hl kwa">+</span> |
566 | <span class="hl kwa">+void</span> |
567 | <span class="hl kwa">+EnableLocalUser(void)</span> |
568 | <span class="hl kwa">+{</span> |
569 | <span class="hl kwa">+ char *addr = NULL;</span> |
570 | <span class="hl kwa">+ int length = -1;</span> |
571 | <span class="hl kwa">+</span> |
572 | <span class="hl kwa">+ length = GetLocalUserAddr(&addr);</span> |
573 | <span class="hl kwa">+</span> |
574 | <span class="hl kwa">+ if (length == -1)</span> |
575 | <span class="hl kwa">+ return;</span> |
576 | <span class="hl kwa">+</span> |
577 | <span class="hl kwa">+ NewHost(FamilyServerInterpreted, addr, length, TRUE);</span> |
578 | <span class="hl kwa">+</span> |
579 | <span class="hl kwa">+ free(addr);</span> |
580 | <span class="hl kwa">+}</span> |
581 | <span class="hl kwa">+</span> |
582 | <span class="hl kwa">+void</span> |
583 | <span class="hl kwa">+DisableLocalUser(void)</span> |
584 | <span class="hl kwa">+{</span> |
585 | <span class="hl kwa">+ char *addr = NULL;</span> |
586 | <span class="hl kwa">+ int length = -1;</span> |
587 | <span class="hl kwa">+</span> |
588 | <span class="hl kwa">+ length = GetLocalUserAddr(&addr);</span> |
589 | <span class="hl kwa">+</span> |
590 | <span class="hl kwa">+ if (length == -1)</span> |
591 | <span class="hl kwa">+ return;</span> |
592 | <span class="hl kwa">+</span> |
593 | <span class="hl kwa">+ RemoveHost(NULL, FamilyServerInterpreted, length, addr);</span> |
594 | <span class="hl kwa">+</span> |
595 | <span class="hl kwa">+ free(addr);</span> |
596 | <span class="hl kwa">+}</span> |
597 | <span class="hl kwa">+</span> |
598 | <span class="hl kwa">+void</span> |
599 | <span class="hl kwa">+LocalAccessScopeUser(void)</span> |
600 | <span class="hl kwa">+{</span> |
601 | <span class="hl kwa">+ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER;</span> |
602 | <span class="hl kwa">+}</span> |
603 | <span class="hl kwa">+#endif</span> |
604 | <span class="hl kwa">+</span> |
605 | /* |
606 | * called at init time when XDMCP will be used; xdmcp always |
607 | * adds local hosts manually when needed |
608 | diff --git a/os/auth.c b/os/auth.c |
609 | index 5fcb538..7da6fc6 100644 |
610 | <span class="hl kwb">--- a/os/auth.c</span> |
611 | <span class="hl kwa">+++ b/os/auth.c</span> |
612 | @@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length, |
613 | |
614 | /* |
615 | * If the authorization file has at least one entry for this server, |
616 | <span class="hl kwb">- * disable local host access. (loadauth > 0)</span> |
617 | <span class="hl kwa">+ * disable local access. (loadauth > 0)</span> |
618 | * |
619 | * If there are zero entries (either initially or when the |
620 | * authorization file is later reloaded), or if a valid |
621 | <span class="hl kwb">- * authorization file was never loaded, enable local host access.</span> |
622 | <span class="hl kwa">+ * authorization file was never loaded, enable local access.</span> |
623 | * (loadauth == 0 || !loaded) |
624 | * |
625 | * If the authorization file was loaded initially (with valid |
626 | @@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length, |
627 | */ |
628 | |
629 | if (loadauth > 0) { |
630 | <span class="hl kwb">- DisableLocalHost(); /* got at least one */</span> |
631 | <span class="hl kwa">+ DisableLocalAccess(); /* got at least one */</span> |
632 | loaded = TRUE; |
633 | } |
634 | else if (loadauth == 0 || !loaded) |
635 | <span class="hl kwb">- EnableLocalHost();</span> |
636 | <span class="hl kwa">+ EnableLocalAccess();</span> |
637 | } |
638 | if (name_length) { |
639 | for (i = 0; i < NUM_AUTHORIZATION; i++) { |
640 | <span class="hl kwb">-- </span> |
641 | cgit v0.10.2 |
642 | From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001 |
643 | From: Ray Strode <rstrode@redhat.com> |
644 | Date: Tue, 5 May 2015 16:43:44 -0400 |
645 | Subject: xwayland: default to local user if no xauth file given. |
646 | [CVE-2015-3164 3/3] |
647 | |
648 | Right now if "-auth" isn't passed on the command line, we let |
649 | any user on the system connect to the Xwayland server. |
650 | |
651 | That's clearly suboptimal, given Xwayland is generally designed |
652 | to be used by one user at a time. |
653 | |
654 | This commit changes the behavior, so only the user who started the |
655 | X server can connect clients to it. |
656 | |
657 | Signed-off-by: Ray Strode <rstrode@redhat.com> |
658 | Reviewed-by: Daniel Stone <daniels@collabora.com> |
659 | Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> |
660 | Signed-off-by: Keith Packard <keithp@keithp.com> |
661 | |
662 | diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c |
663 | index c5bee77..bc92beb 100644 |
664 | <span class="hl kwb">--- a/hw/xwayland/xwayland.c</span> |
665 | <span class="hl kwa">+++ b/hw/xwayland/xwayland.c</span> |
666 | @@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) |
667 | if (AddScreen(xwl_screen_init, argc, argv) == -1) { |
668 | FatalError("Couldn't add screen\n"); |
669 | } |
670 | <span class="hl kwa">+</span> |
671 | <span class="hl kwa">+ LocalAccessScopeUser();</span> |
672 | } |
673 | <span class="hl kwb">-- </span> |
674 | cgit v0.10.2 |
675 | |
676 | </code></pre></td></tr></table> |
677 | </div> <!-- class=content --> |
678 | <div class="foot" style="padding-left:1em;padding-right:1em;"> |
679 | <p>Copyright © 2002-2014 <a href="mailto:jvinet@zeroflux.org" |
680 | title="contact Judd Vinet">Judd Vinet</a> and <a href="mailto:aaron@archlinux.org" |
681 | title="contact Aaron Griffin">Aaron Griffin</a>. The Arch Linux name and logo |
682 | are recognized trademarks. Some rights reserved. The registered trademark |
683 | Linux® is used pursuant to a sublicense from LMI, the exclusive licensee |
684 | of Linus Torvalds, owner of the mark on a world-wide basis.</p> |
685 | </div> |
686 | </div> <!-- id=cgit --> |
687 | </body> |
688 | </html> |