author | dkf <donal.k.fellows@manchester.ac.uk> | 2009-08-25 08:48:16 (GMT) |
---|---|---|
committer | dkf <donal.k.fellows@manchester.ac.uk> | 2009-08-25 08:48:16 (GMT) |
commit | 04186cac679b0f544237dd1c8be70e4f3a79a2e7 (patch) | |
tree | 01e8083e454fe4409f999a44309f7a6e286bc143 /unix | |
parent | e9044ae71084142ae100561370c6c291dd279a4c (diff) | |
[Bug 1909931]: Add support for server-interpreted access control addresses.
Diffstat (limited to 'unix')
-rw-r--r-- | unix/tkUnixSend.c | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/unix/tkUnixSend.c b/unix/tkUnixSend.c
index b2083f3..1c8c67c 100644
--- a/unix/tkUnixSend.c
+++ b/unix/tkUnixSend.c
@@ -11,7 +11,7 @@
 * See the file "license.terms" for information on usage and redistribution of
 * this file, and for a DISCLAIMER OF ALL WARRANTIES.
 *
- * RCS: @(#) $Id: tkUnixSend.c,v 1.20 2007/12/13 15:28:51 dgp Exp $
+ * RCS: @(#) $Id: tkUnixSend.c,v 1.20.2.1 2009/08/25 08:48:16 dkf Exp $
 */
 
 #include "tkUnixInt.h"
@@ -681,8 +681,52 @@ ServerSecure(
 
 secure = 0;
 addrPtr = XListHosts(dispPtr->display, &numHosts, &enabled);
- if (enabled && (numHosts == 0)) {
- secure = 1;
+ if (enabled) {
+ if (numHosts == 0) {
+ secure = 1;
+ }
+
+ /*
+ * Recent versions of X11 have the extra feature of allowing more
+ * sophisticated authorization checks to be performed than the dozy
+ * old ones that used to plague xhost usage. However, not all deployed
+ * versions of Xlib know how to deal with this feature, so this code
+ * is conditional on having the right #def in place. [Bug 1909931]
+ */
+
+#ifdef FamilyServerInterpreted
+ if (numHosts == 1 && addrPtr[0].family == FamilyServerInterpreted) {
+ XServerInterpretedAddress *siPtr =
+ (XServerInterpretedAddress *) addrPtr[0].address;
+
+ if (siPtr->typelength==9 && !memcmp(siPtr->type,"localuser",9)) {
+ /*
+ * We don't check the username here. This is because it's
+ * officially non-portable and we are just making sure there
+ * aren't silly misconfigurations. (Apparently 'root' is not a
+ * very good choice, but we still don't put any effort in to
+ * spot that.)
+ */
+
+ secure = 1;
+ } else if (siPtr->typelength == 10
+ && !memcmp(siPtr->type, "localgroup", 10)) {
+ /*
+ * Similarly to above, we don't attempt to peek inside server
+ * interpreted group names. If someone set it, it's what they
+ * want and we assume it's OK.
+ */
+
+ secure = 1;
+ }
+
+ /*
+ * The other defined types of server-interpreted controls involve
+ * particular hosts; these are still insecure for the same reasons
+ * that classic xhost access is insecure.
+ */
+ }
+#endif
 }
 if (addrPtr != NULL) {
 XFree((char *) addrPtr); |
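Review bot: Both new branches set `secure = 1` for any `localuser` or `localgroup` entry without looking at `siPtr->value`, so a display configured to admit a different local account or a broad group is reported as secure, and every client that entry admits can reach this application's `send` interface. The in-code comments acknowledge this; if the name is deliberately left unchecked, the function's header comment (outside this hunk) should state that `send` trusts whichever local users and groups the server admits, and a stricter variant would accept `localuser` only when `value`/`valuelength` match the current user's name. Separately, `addrPtr[0]` is dereferenced before the `addrPtr != NULL` test that guards `XFree` just below; folding that test into the condition, `if (addrPtr != NULL && numHosts == 1 && addrPtr[0].family == FamilyServerInterpreted) {`, makes the new read safe even if `XListHosts` fails. ServerSecure starts and ends outside the hunk, so how `numHosts` and `enabled` are initialised is not visible here.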