Overview

File U_xwayland-enable-access-control-on-open-socket.patch of Package xorg-x11-server.4651

Subject: xwayland: Enable access control on open sockets
Author: Ray Strode <rstrode@redhat.com>
Path-mainline: Upstream
Git-commit: c4534a38b68aa07fb82318040dc8154fb48a9588
References: bnc#934102 CVE-2015-3164
Signed-off-by: Michal Srb <msrb@suse.com>

Xwayland currently allows wide-open access to the X sockets
it listens on, ignoring Xauth access control.

This commit makes sure to enable access control on the sockets,
so one user can't snoop on another user's X-over-wayland
applications.

Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>

diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index 7e8d667..c5bee77 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen)
     int i;
 
     for (i = 0; i < xwl_screen->listen_fd_count; i++)
-        ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
+        ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
 }
 
 static void
openSUSE Build Service is sponsored by
Places