summaryrefslogtreecommitdiffstats
path: root/unix
diff options
context:
space:
mode:
authordonal.k.fellows@manchester.ac.uk <dkf>2009-08-25 08:48:16 (GMT)
committerdonal.k.fellows@manchester.ac.uk <dkf>2009-08-25 08:48:16 (GMT)
commitb3c7c34f905289908551c755919da17efd9bca3b (patch)
tree01e8083e454fe4409f999a44309f7a6e286bc143 /unix
parenteb9a027bc5b4efb40f9f7cfe88981cb2586f9873 (diff)
downloadtk-b3c7c34f905289908551c755919da17efd9bca3b.zip
tk-b3c7c34f905289908551c755919da17efd9bca3b.tar.gz
tk-b3c7c34f905289908551c755919da17efd9bca3b.tar.bz2
[Bug 1909931]: Add support for server-interpreted access control addreses.
Diffstat (limited to 'unix')
-rw-r--r--unix/tkUnixSend.c50
1 files changed, 47 insertions, 3 deletions
diff --git a/unix/tkUnixSend.c b/unix/tkUnixSend.c
index b2083f3..1c8c67c 100644
--- a/unix/tkUnixSend.c
+++ b/unix/tkUnixSend.c
@@ -11,7 +11,7 @@
* See the file "license.terms" for information on usage and redistribution of
* this file, and for a DISCLAIMER OF ALL WARRANTIES.
*
- * RCS: @(#) $Id: tkUnixSend.c,v 1.20 2007/12/13 15:28:51 dgp Exp $
+ * RCS: @(#) $Id: tkUnixSend.c,v 1.20.2.1 2009/08/25 08:48:16 dkf Exp $
*/
#include "tkUnixInt.h"
@@ -681,8 +681,52 @@ ServerSecure(
secure = 0;
addrPtr = XListHosts(dispPtr->display, &numHosts, &enabled);
- if (enabled && (numHosts == 0)) {
- secure = 1;
+ if (enabled) {
+ if (numHosts == 0) {
+ secure = 1;
+ }
+
+ /*
+ * Recent versions of X11 have the extra feature of allowing more
+ * sophisticated authorization checks to be performed than the dozy
+ * old ones that used to plague xhost usage. However, not all deployed
+ * versions of Xlib know how to deal with this feature, so this code
+ * is conditional on having the right #def in place. [Bug 1909931]
+ */
+
+#ifdef FamilyServerInterpreted
+ if (numHosts == 1 && addrPtr[0].family == FamilyServerInterpreted) {
+ XServerInterpretedAddress *siPtr =
+ (XServerInterpretedAddress *) addrPtr[0].address;
+
+ if (siPtr->typelength==9 && !memcmp(siPtr->type,"localuser",9)) {
+ /*
+ * We don't check the username here. This is because it's
+ * officially non-portable and we are just making sure there
+ * aren't silly misconfigurations. (Apparently 'root' is not a
+ * very good choice, but we still don't put any effort in to
+ * spot that.)
+ */
+
+ secure = 1;
+ } else if (siPtr->typelength == 10
+ && !memcmp(siPtr->type, "localgroup", 10)) {
+ /*
+ * Similarly to above, we don't attempt to peek inside server
+ * interpreted group names. If someone set it, it's what they
+ * want and we assume it's OK.
+ */
+
+ secure = 1;
+ }
+
+ /*
+ * The other defined types of server-interpreted controls involve
+ * particular hosts; these are still insecure for the same reasons
+ * that classic xhost access is insecure.
+ */
+ }
+#endif
}
if (addrPtr != NULL) {
XFree((char *) addrPtr);