mirror of
https://github.com/brl/mutter.git
synced 2024-12-25 12:32:05 +00:00
xwayland: Always require X11 authentication
This reverts commit eac227a203
.
Currently, Flatpak applications can bypass the X11 permission setting
and access the X server through abstract sockets because X11 authentication
is not enforced for the current user ID.
Fix this by always requiring X11 authentication for Xwayland. This also
means applications without XAUTHORITY set to the file with Mutter's
Xwayland credentials cannot connect to X, including apps launched from
VT or SSH.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2633>
This commit is contained in:
parent
184055b2bb
commit
b61b0478f7
@ -734,23 +734,6 @@ prepare_auth_file (MetaXWaylandManager *manager,
|
|||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
|
||||||
add_local_user_to_xhost (Display *xdisplay)
|
|
||||||
{
|
|
||||||
XHostAddress host_entry;
|
|
||||||
XServerInterpretedAddress siaddr;
|
|
||||||
|
|
||||||
siaddr.type = (char *) "localuser";
|
|
||||||
siaddr.typelength = strlen (siaddr.type);
|
|
||||||
siaddr.value = (char *) g_get_user_name();
|
|
||||||
siaddr.valuelength = strlen (siaddr.value);
|
|
||||||
|
|
||||||
host_entry.family = FamilyServerInterpreted;
|
|
||||||
host_entry.address = (char *) &siaddr;
|
|
||||||
|
|
||||||
XAddHost (xdisplay, &host_entry);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
on_init_x11_cb (MetaDisplay *display,
|
on_init_x11_cb (MetaDisplay *display,
|
||||||
GAsyncResult *result,
|
GAsyncResult *result,
|
||||||
@ -1135,8 +1118,6 @@ meta_xwayland_setup_xdisplay (MetaXWaylandManager *manager,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
XFixesSetClientDisconnectMode (xdisplay, XFixesClientDisconnectFlagTerminate);
|
XFixesSetClientDisconnectMode (xdisplay, XFixesClientDisconnectFlagTerminate);
|
||||||
|
|
||||||
add_local_user_to_xhost (xdisplay);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
Loading…
Reference in New Issue
Block a user