From 5be6e7b18e179a6979b19866d9512389efb3aaef Mon Sep 17 00:00:00 2001 From: Olivier Fourdan Date: Mon, 9 Jan 2023 15:35:52 +0100 Subject: [PATCH] settings: Add Xwayland byte-swapped clients Recent versions of Xwayland can allow or disallow X11 clients from different endianess to connect. Add a setting to configure this feature from mutter, who spawns Xwayland. Part-of: --- data/org.gnome.mutter.wayland.gschema.xml.in | 24 ++++++++++++++++++++ src/backends/meta-settings-private.h | 2 ++ src/backends/meta-settings.c | 23 +++++++++++++++++++ 3 files changed, 49 insertions(+) diff --git a/data/org.gnome.mutter.wayland.gschema.xml.in b/data/org.gnome.mutter.wayland.gschema.xml.in index 8a1878e10..3c3e54498 100644 --- a/data/org.gnome.mutter.wayland.gschema.xml.in +++ b/data/org.gnome.mutter.wayland.gschema.xml.in @@ -125,6 +125,30 @@ + + false + Allow X11 clients with a different endianess to connect to Xwayland + + Allow connections from clients with an endianess different to that + of Xwayland. + + The X server byte-swapping code is a huge attack surface, much of + that code in Xwayland is prone to security issues. + + The use-case of byte-swapped clients is very niche, and disabled by + default in Xwayland. + + Enable this option to instruct Xwayland to accept connections from + X11 clients with a different endianess. + + This option has no effect if Xwayland does not support the command + line option +byteswappedclients/-byteswappedclients to control that + setting. + + Xwayland needs to be restarted for this setting to take effect. + + + diff --git a/src/backends/meta-settings-private.h b/src/backends/meta-settings-private.h index 47d2d6074..87af21515 100644 --- a/src/backends/meta-settings-private.h +++ b/src/backends/meta-settings-private.h @@ -77,6 +77,8 @@ gboolean meta_settings_are_xwayland_grabs_allowed (MetaSettings *settings); int meta_settings_get_xwayland_disable_extensions (MetaSettings *settings); +gboolean meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings); + gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings); void meta_settings_set_privacy_screen_enabled (MetaSettings *settings, diff --git a/src/backends/meta-settings.c b/src/backends/meta-settings.c index 414ca48e8..aead64ccb 100644 --- a/src/backends/meta-settings.c +++ b/src/backends/meta-settings.c @@ -74,6 +74,9 @@ struct _MetaSettings /* A bitmask of MetaXwaylandExtension enum */ int xwayland_disable_extensions; + + /* Whether Xwayland should allow X11 clients from different endianess */ + gboolean xwayland_allow_byte_swapped_clients; }; G_DEFINE_TYPE (MetaSettings, meta_settings, G_TYPE_OBJECT) @@ -428,6 +431,15 @@ update_privacy_settings (MetaSettings *settings) settings); } +static void +update_xwayland_allow_byte_swapped_clients (MetaSettings *settings) +{ + + settings->xwayland_allow_byte_swapped_clients = + g_settings_get_flags (settings->wayland_settings, + "xwayland-allow-byte-swapped-clients"); +} + static void wayland_settings_changed (GSettings *wayland_settings, gchar *key, @@ -446,6 +458,10 @@ wayland_settings_changed (GSettings *wayland_settings, { update_xwayland_disable_extensions (settings); } + else if (g_str_equal (key, "xwayland-allow-byte-swapped-clients")) + { + update_xwayland_allow_byte_swapped_clients (settings); + } } void @@ -469,6 +485,13 @@ meta_settings_get_xwayland_disable_extensions (MetaSettings *settings) return (settings->xwayland_disable_extensions); } +gboolean +meta_settings_are_xwayland_byte_swapped_clients_allowed (MetaSettings *settings) +{ + + return settings->xwayland_allow_byte_swapped_clients; +} + gboolean meta_settings_is_privacy_screen_enabled (MetaSettings *settings) {