aboutsummaryrefslogtreecommitdiffstats
path: root/xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch
diff options
context:
space:
mode:
Diffstat (limited to 'xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch')
-rw-r--r--xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch311
1 files changed, 0 insertions, 311 deletions
diff --git a/xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch b/xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch
deleted file mode 100644
index e2ee129..0000000
--- a/xorg-server-hwcursor-gamma/fix-CVE-2015-3164.patch
+++ /dev/null
@@ -1,311 +0,0 @@
-From c4534a38b68aa07fb82318040dc8154fb48a9588 Mon Sep 17 00:00:00 2001
-From: Ray Strode <rstrode@redhat.com>
-Date: Tue, 5 May 2015 16:43:42 -0400
-Subject: xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]
-
-Xwayland currently allows wide-open access to the X sockets
-it listens on, ignoring Xauth access control.
-
-This commit makes sure to enable access control on the sockets,
-so one user can't snoop on another user's X-over-wayland
-applications.
-
-Signed-off-by: Ray Strode <rstrode@redhat.com>
-Reviewed-by: Daniel Stone <daniels@collabora.com>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Signed-off-by: Keith Packard <keithp@keithp.com>
-
-diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
-index 7e8d667..c5bee77 100644
---- a/hw/xwayland/xwayland.c
-+++ b/hw/xwayland/xwayland.c
-@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen)
- int i;
-
- for (i = 0; i < xwl_screen->listen_fd_count; i++)
-- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
-+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
- }
-
- static void
---
-cgit v0.10.2
-From 4b4b9086d02b80549981d205fb1f495edc373538 Mon Sep 17 00:00:00 2001
-From: Ray Strode <rstrode@redhat.com>
-Date: Tue, 5 May 2015 16:43:43 -0400
-Subject: os: support new implicit local user access mode [CVE-2015-3164 2/3]
-
-If the X server is started without a '-auth' argument, then
-it gets started wide open to all local users on the system.
-
-This isn't a great default access model, but changing it in
-Xorg at this point would break backward compatibility.
-
-Xwayland, on the other hand is new, and much more targeted
-in scope. It could, in theory, be changed to allow the much
-more secure default of a "user who started X server can connect
-clients to that server."
-
-This commit paves the way for that change, by adding a mechanism
-for DDXs to opt-in to that behavior. They merely need to call
-
-LocalAccessScopeUser()
-
-in their init functions.
-
-A subsequent commit will add that call for Xwayland.
-
-Signed-off-by: Ray Strode <rstrode@redhat.com>
-Reviewed-by: Daniel Stone <daniels@collabora.com>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Signed-off-by: Keith Packard <keithp@keithp.com>
-
-diff --git a/include/os.h b/include/os.h
-index 6638c84..b2b96c8 100644
---- a/include/os.h
-+++ b/include/os.h
-@@ -431,11 +431,28 @@ extern _X_EXPORT void
- ResetHosts(const char *display);
-
- extern _X_EXPORT void
-+EnableLocalAccess(void);
-+
-+extern _X_EXPORT void
-+DisableLocalAccess(void);
-+
-+extern _X_EXPORT void
- EnableLocalHost(void);
-
- extern _X_EXPORT void
- DisableLocalHost(void);
-
-+#ifndef NO_LOCAL_CLIENT_CRED
-+extern _X_EXPORT void
-+EnableLocalUser(void);
-+
-+extern _X_EXPORT void
-+DisableLocalUser(void);
-+
-+extern _X_EXPORT void
-+LocalAccessScopeUser(void);
-+#endif
-+
- extern _X_EXPORT void
- AccessUsingXdmcp(void);
-
-diff --git a/os/access.c b/os/access.c
-index 8fa028e..75e7a69 100644
---- a/os/access.c
-+++ b/os/access.c
-@@ -102,6 +102,10 @@ SOFTWARE.
- #include <sys/ioctl.h>
- #include <ctype.h>
-
-+#ifndef NO_LOCAL_CLIENT_CRED
-+#include <pwd.h>
-+#endif
-+
- #if defined(TCPCONN) || defined(STREAMSCONN)
- #include <netinet/in.h>
- #endif /* TCPCONN || STREAMSCONN */
-@@ -225,6 +229,13 @@ static int LocalHostEnabled = FALSE;
- static int LocalHostRequested = FALSE;
- static int UsingXdmcp = FALSE;
-
-+static enum {
-+ LOCAL_ACCESS_SCOPE_HOST = 0,
-+#ifndef NO_LOCAL_CLIENT_CRED
-+ LOCAL_ACCESS_SCOPE_USER,
-+#endif
-+} LocalAccessScope;
-+
- /* FamilyServerInterpreted implementation */
- static Bool siAddrMatch(int family, void *addr, int len, HOST * host,
- ClientPtr client);
-@@ -237,6 +248,21 @@ static void siTypesInitialize(void);
- */
-
- void
-+EnableLocalAccess(void)
-+{
-+ switch (LocalAccessScope) {
-+ case LOCAL_ACCESS_SCOPE_HOST:
-+ EnableLocalHost();
-+ break;
-+#ifndef NO_LOCAL_CLIENT_CRED
-+ case LOCAL_ACCESS_SCOPE_USER:
-+ EnableLocalUser();
-+ break;
-+#endif
-+ }
-+}
-+
-+void
- EnableLocalHost(void)
- {
- if (!UsingXdmcp) {
-@@ -249,6 +275,21 @@ EnableLocalHost(void)
- * called when authorization is enabled to keep us secure
- */
- void
-+DisableLocalAccess(void)
-+{
-+ switch (LocalAccessScope) {
-+ case LOCAL_ACCESS_SCOPE_HOST:
-+ DisableLocalHost();
-+ break;
-+#ifndef NO_LOCAL_CLIENT_CRED
-+ case LOCAL_ACCESS_SCOPE_USER:
-+ DisableLocalUser();
-+ break;
-+#endif
-+ }
-+}
-+
-+void
- DisableLocalHost(void)
- {
- HOST *self;
-@@ -262,6 +303,74 @@ DisableLocalHost(void)
- }
- }
-
-+#ifndef NO_LOCAL_CLIENT_CRED
-+static int GetLocalUserAddr(char **addr)
-+{
-+ static const char *type = "localuser";
-+ static const char delimiter = '\0';
-+ static const char *value;
-+ struct passwd *pw;
-+ int length = -1;
-+
-+ pw = getpwuid(getuid());
-+
-+ if (pw == NULL || pw->pw_name == NULL)
-+ goto out;
-+
-+ value = pw->pw_name;
-+
-+ length = asprintf(addr, "%s%c%s", type, delimiter, value);
-+
-+ if (length == -1) {
-+ goto out;
-+ }
-+
-+ /* Trailing NUL */
-+ length++;
-+
-+out:
-+ return length;
-+}
-+
-+void
-+EnableLocalUser(void)
-+{
-+ char *addr = NULL;
-+ int length = -1;
-+
-+ length = GetLocalUserAddr(&addr);
-+
-+ if (length == -1)
-+ return;
-+
-+ NewHost(FamilyServerInterpreted, addr, length, TRUE);
-+
-+ free(addr);
-+}
-+
-+void
-+DisableLocalUser(void)
-+{
-+ char *addr = NULL;
-+ int length = -1;
-+
-+ length = GetLocalUserAddr(&addr);
-+
-+ if (length == -1)
-+ return;
-+
-+ RemoveHost(NULL, FamilyServerInterpreted, length, addr);
-+
-+ free(addr);
-+}
-+
-+void
-+LocalAccessScopeUser(void)
-+{
-+ LocalAccessScope = LOCAL_ACCESS_SCOPE_USER;
-+}
-+#endif
-+
- /*
- * called at init time when XDMCP will be used; xdmcp always
- * adds local hosts manually when needed
-diff --git a/os/auth.c b/os/auth.c
-index 5fcb538..7da6fc6 100644
---- a/os/auth.c
-+++ b/os/auth.c
-@@ -181,11 +181,11 @@ CheckAuthorization(unsigned int name_length,
-
- /*
- * If the authorization file has at least one entry for this server,
-- * disable local host access. (loadauth > 0)
-+ * disable local access. (loadauth > 0)
- *
- * If there are zero entries (either initially or when the
- * authorization file is later reloaded), or if a valid
-- * authorization file was never loaded, enable local host access.
-+ * authorization file was never loaded, enable local access.
- * (loadauth == 0 || !loaded)
- *
- * If the authorization file was loaded initially (with valid
-@@ -194,11 +194,11 @@ CheckAuthorization(unsigned int name_length,
- */
-
- if (loadauth > 0) {
-- DisableLocalHost(); /* got at least one */
-+ DisableLocalAccess(); /* got at least one */
- loaded = TRUE;
- }
- else if (loadauth == 0 || !loaded)
-- EnableLocalHost();
-+ EnableLocalAccess();
- }
- if (name_length) {
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
---
-cgit v0.10.2
-From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001
-From: Ray Strode <rstrode@redhat.com>
-Date: Tue, 5 May 2015 16:43:44 -0400
-Subject: xwayland: default to local user if no xauth file given.
- [CVE-2015-3164 3/3]
-
-Right now if "-auth" isn't passed on the command line, we let
-any user on the system connect to the Xwayland server.
-
-That's clearly suboptimal, given Xwayland is generally designed
-to be used by one user at a time.
-
-This commit changes the behavior, so only the user who started the
-X server can connect clients to it.
-
-Signed-off-by: Ray Strode <rstrode@redhat.com>
-Reviewed-by: Daniel Stone <daniels@collabora.com>
-Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Signed-off-by: Keith Packard <keithp@keithp.com>
-
-diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
-index c5bee77..bc92beb 100644
---- a/hw/xwayland/xwayland.c
-+++ b/hw/xwayland/xwayland.c
-@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv)
- if (AddScreen(xwl_screen_init, argc, argv) == -1) {
- FatalError("Couldn't add screen\n");
- }
-+
-+ LocalAccessScopeUser();
- }
---
-cgit v0.10.2
-