brl/mutter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

settings: Add Xwayland byte-swapped clients

Browse Source 
Recent versions of Xwayland can allow or disallow X11 clients from
different endianess to connect.

Add a setting to configure this feature from mutter, who spawns
Xwayland.

Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2785>
This commit is contained in:
Olivier Fourdan 2023-01-09 15:35:52 +01:00
parent 9e0b5b1886
commit 5be6e7b18e
3 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
data/org.gnome.mutter.wayland.gschema.xml.in
View File

@ -125,6 +125,30 @@
</description> </description>
</key> </key>
<key name="xwayland-allow-byte-swapped-clients" type="b">
<default>false</default>
<summary>Allow X11 clients with a different endianess to connect to Xwayland</summary>
<description>
Allow connections from clients with an endianess different to that
of Xwayland.
The X server byte-swapping code is a huge attack surface, much of
that code in Xwayland is prone to security issues.
The use-case of byte-swapped clients is very niche, and disabled by
default in Xwayland.
Enable this option to instruct Xwayland to accept connections from
X11 clients with a different endianess.
This option has no effect if Xwayland does not support the command
line option +byteswappedclients/-byteswappedclients to control that
setting.
Xwayland needs to be restarted for this setting to take effect.
</description>
</key>
</schema> </schema>
</schemalist> </schemalist>

2
src/backends/meta-settings-private.h
View File

@ -77,6 +77,8 @@ gboolean meta_settings_are_xwayland_grabs_allowed (MetaSettings *settings);
int meta_settings_get_xwayland_disable_extensions (MetaSettings *settings); int meta_settings_get_xwayland_disable_extensions (MetaSettings *settings);
gboolean meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings);
gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings); gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings);
void meta_settings_set_privacy_screen_enabled (MetaSettings *settings, void meta_settings_set_privacy_screen_enabled (MetaSettings *settings,

23
src/backends/meta-settings.c
View File

@ -74,6 +74,9 @@ struct _MetaSettings
/* A bitmask of MetaXwaylandExtension enum */ /* A bitmask of MetaXwaylandExtension enum */
int xwayland_disable_extensions; int xwayland_disable_extensions;
/* Whether Xwayland should allow X11 clients from different endianess */
gboolean xwayland_allow_byte_swapped_clients;
}; };
G_DEFINE_TYPE (MetaSettings, meta_settings, G_TYPE_OBJECT) G_DEFINE_TYPE (MetaSettings, meta_settings, G_TYPE_OBJECT)
@ -428,6 +431,15 @@ update_privacy_settings (MetaSettings *settings)
settings); settings);
} }
static void
update_xwayland_allow_byte_swapped_clients (MetaSettings *settings)
{
settings->xwayland_allow_byte_swapped_clients =
g_settings_get_flags (settings->wayland_settings,
"xwayland-allow-byte-swapped-clients");
}
static void static void
wayland_settings_changed (GSettings *wayland_settings, wayland_settings_changed (GSettings *wayland_settings,
gchar *key, gchar *key,
@ -446,6 +458,10 @@ wayland_settings_changed (GSettings *wayland_settings,
{ {
update_xwayland_disable_extensions (settings); update_xwayland_disable_extensions (settings);
} }
else if (g_str_equal (key, "xwayland-allow-byte-swapped-clients"))
{
update_xwayland_allow_byte_swapped_clients (settings);
}
} }
void void
@ -469,6 +485,13 @@ meta_settings_get_xwayland_disable_extensions (MetaSettings *settings)
return (settings->xwayland_disable_extensions); return (settings->xwayland_disable_extensions);
} }
gboolean
meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings)
{
return settings->xwayland_allow_byte_swapped_clients;
}
gboolean gboolean
meta_settings_is_privacy_screen_enabled (MetaSettings *settings) meta_settings_is_privacy_screen_enabled (MetaSettings *settings)
{ {