xwayland: Always require X11 authentication
This reverts commit eac227a203dba4d45398dfb85ec5b4610b5f3be7. Currently, Flatpak applications can bypass the X11 permission setting and access the X server through abstract sockets because X11 authentication is not enforced for the current user ID. Fix this by always requiring X11 authentication for Xwayland. This also means applications without XAUTHORITY set to the file with Mutter's Xwayland credentials cannot connect to X, including apps launched from VT or SSH. Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2633>
This commit is contained in:
msizanoen1
Marge Bot
parent
184055b2bb
commit
b61b0478f7
@ -734,23 +734,6 @@ prepare_auth_file (MetaXWaylandManager *manager,
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void
|
||||
add_local_user_to_xhost (Display *xdisplay)
|
||||
{
|
||||
XHostAddress host_entry;
|
||||
XServerInterpretedAddress siaddr;
|
||||
|
||||
siaddr.type = (char *) "localuser";
|
||||
siaddr.typelength = strlen (siaddr.type);
|
||||
siaddr.value = (char *) g_get_user_name();
|
||||
siaddr.valuelength = strlen (siaddr.value);
|
||||
|
||||
host_entry.family = FamilyServerInterpreted;
|
||||
host_entry.address = (char *) &siaddr;
|
||||
|
||||
XAddHost (xdisplay, &host_entry);
|
||||
}
|
||||
|
||||
static void
|
||||
on_init_x11_cb (MetaDisplay *display,
|
||||
GAsyncResult *result,
|
||||
@ -1135,8 +1118,6 @@ meta_xwayland_setup_xdisplay (MetaXWaylandManager *manager,
|
||||
#endif
|
||||
|
||||
XFixesSetClientDisconnectMode (xdisplay, XFixesClientDisconnectFlagTerminate);
|
||||
|
||||
add_local_user_to_xhost (xdisplay);
|
||||
}
|
||||
|
||||
static void
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user