xwayland: default to local user if no xauth file given. [CVE-2015-3164 3/3]
Right now if "-auth" isn't passed on the command line, we let
any user on the system connect to the Xwayland server.
That's clearly suboptimal, given Xwayland is generally designed
to be used by one user at a time.
This commit changes the behavior, so only the user who started the
X server can connect clients to it.
Signed-off-by: Ray Strode <email address hidden>
Reviewed-by: Daniel Stone <email address hidden>
Reviewed-by: Alan Coopersmith <email address hidden>
Signed-off-by: Keith Packard <email address hidden>
(cherry picked from commit 76636ac12f2d1dbdf7be08222f80e7505d53c451)
os: support new implicit local user access mode [CVE-2015-3164 2/3]
If the X server is started without a '-auth' argument, then
it gets started wide open to all local users on the system.
This isn't a great default access model, but changing it in
Xorg at this point would break backward compatibility.
Xwayland, on the other hand is new, and much more targeted
in scope. It could, in theory, be changed to allow the much
more secure default of a "user who started X server can connect
clients to that server."
This commit paves the way for that change, by adding a mechanism
for DDXs to opt-in to that behavior. They merely need to call
LocalAccessScopeUser()
in their init functions.
A subsequent commit will add that call for Xwayland.
Signed-off-by: Ray Strode <email address hidden>
Reviewed-by: Daniel Stone <email address hidden>
Reviewed-by: Alan Coopersmith <email address hidden>
Signed-off-by: Keith Packard <email address hidden>
(cherry picked from commit 4b4b9086d02b80549981d205fb1f495edc373538)
xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]
Xwayland currently allows wide-open access to the X sockets
it listens on, ignoring Xauth access control.
This commit makes sure to enable access control on the sockets,
so one user can't snoop on another user's X-over-wayland
applications.
Signed-off-by: Ray Strode <email address hidden>
Reviewed-by: Daniel Stone <email address hidden>
Reviewed-by: Alan Coopersmith <email address hidden>
Signed-off-by: Keith Packard <email address hidden>
(cherry picked from commit c4534a38b68aa07fb82318040dc8154fb48a9588)
XkbStringText escapes non-printable characters using octal numbers. Such escape
sequence would be at most 5 characters long ("\0123"), so it reserves 5 bytes
in the buffer. Due to char->unsigned int conversion, it would print much longer
string for negative numbers.
Reviewed-by: Keith Packard <email address hidden>
Signed-off-by: Julien Cristau <email address hidden>
(cherry picked from commit eaf1f72ed8994b708d94ec2de7b1a99f5c4a39b8)
(cherry picked from commit 3094c4c6d879215923f2183ecd048b4f5429b182)