settings: Add Xwayland byte-swapped clients

Recent versions of Xwayland can allow or disallow X11 clients from different endianess to connect. Add a setting to configure this feature from mutter, who spawns Xwayland. Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2785>
2023-01-09 15:35:52 +01:00 · 2023-01-09 15:35:52 +01:00 · 5be6e7b18e
commit 5be6e7b18e
parent 9e0b5b1886
3 changed files with 49 additions and 0 deletions
--- a/data/org.gnome.mutter.wayland.gschema.xml.in
+++ b/data/org.gnome.mutter.wayland.gschema.xml.in
@ -125,6 +125,30 @@
      </description>
    </key>

+    <key name="xwayland-allow-byte-swapped-clients" type="b">
+      <default>false</default>
+      <summary>Allow X11 clients with a different endianess to connect to Xwayland</summary>
+      <description>
+        Allow connections from clients with an endianess different to that
+	of Xwayland.
+
+	The X server byte-swapping code is a huge attack surface, much of
+	that code in Xwayland is prone to security issues.
+
+	The use-case of byte-swapped clients is very niche, and disabled by
+	default in Xwayland.
+
+	Enable this option to instruct Xwayland to accept connections from
+	X11 clients with a different endianess.
+
+        This option has no effect if Xwayland does not support the command
+	line option +byteswappedclients/-byteswappedclients to control that
+	setting.
+
+        Xwayland needs to be restarted for this setting to take effect.
+      </description>
+    </key>
+
  </schema>

 </schemalist>
--- a/src/backends/meta-settings-private.h
+++ b/src/backends/meta-settings-private.h
@ -77,6 +77,8 @@ gboolean meta_settings_are_xwayland_grabs_allowed (MetaSettings *settings);

 int meta_settings_get_xwayland_disable_extensions (MetaSettings *settings);

+gboolean meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings);
+
 gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings);

 void meta_settings_set_privacy_screen_enabled (MetaSettings *settings,
--- a/src/backends/meta-settings.c
+++ b/src/backends/meta-settings.c
@ -74,6 +74,9 @@ struct _MetaSettings

  /* A bitmask of MetaXwaylandExtension enum */
  int xwayland_disable_extensions;
+
+  /* Whether Xwayland should allow X11 clients from different endianess */
+  gboolean xwayland_allow_byte_swapped_clients;
 };

 G_DEFINE_TYPE (MetaSettings, meta_settings, G_TYPE_OBJECT)
@ -428,6 +431,15 @@ update_privacy_settings (MetaSettings *settings)
                            settings);
 }

+static void
+update_xwayland_allow_byte_swapped_clients (MetaSettings *settings)
+{
+
+  settings->xwayland_allow_byte_swapped_clients =
+    g_settings_get_flags (settings->wayland_settings,
+                          "xwayland-allow-byte-swapped-clients");
+}
+
 static void
 wayland_settings_changed (GSettings    *wayland_settings,
                          gchar        *key,
@ -446,6 +458,10 @@ wayland_settings_changed (GSettings    *wayland_settings,
    {
      update_xwayland_disable_extensions (settings);
    }
+  else if (g_str_equal (key, "xwayland-allow-byte-swapped-clients"))
+    {
+      update_xwayland_allow_byte_swapped_clients (settings);
+    }
 }

 void
@ -469,6 +485,13 @@ meta_settings_get_xwayland_disable_extensions (MetaSettings *settings)
  return (settings->xwayland_disable_extensions);
 }

+gboolean
+meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings)
+{
+
+  return settings->xwayland_allow_byte_swapped_clients;
+}
+
 gboolean
 meta_settings_is_privacy_screen_enabled (MetaSettings *settings)
 {