35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From 76636ac12f2d1dbdf7be08222f80e7505d53c451 Mon Sep 17 00:00:00 2001
|
|
From: Ray Strode <rstrode@redhat.com>
|
|
Date: Tue, 5 May 2015 16:43:44 -0400
|
|
Subject: xwayland: default to local user if no xauth file given.
|
|
[CVE-2015-3164 3/3]
|
|
|
|
Right now if "-auth" isn't passed on the command line, we let
|
|
any user on the system connect to the Xwayland server.
|
|
|
|
That's clearly suboptimal, given Xwayland is generally designed
|
|
to be used by one user at a time.
|
|
|
|
This commit changes the behavior, so only the user who started the
|
|
X server can connect clients to it.
|
|
|
|
Signed-off-by: Ray Strode <rstrode@redhat.com>
|
|
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
|
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
|
|
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
|
|
index c5bee77..bc92beb 100644
|
|
--- a/hw/xwayland/xwayland.c
|
|
+++ b/hw/xwayland/xwayland.c
|
|
@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv)
|
|
if (AddScreen(xwl_screen_init, argc, argv) == -1) {
|
|
FatalError("Couldn't add screen\n");
|
|
}
|
|
+
|
|
+ LocalAccessScopeUser();
|
|
}
|
|
--
|
|
cgit v0.10.2
|
|
|