On Tue, Apr 21, 2009 at 11:25:18AM +0200, Simon Thum wrote:
> Peter Hutterer wrote:
>> On Mon, Apr 20, 2009 at 03:41:34PM +0200, Simon Thum wrote:
>>> Julien Cristau wrote:
>>>> One thing I'm wondering is if I should be more paranoid and also check
>>>> that format is 32 when type is FLOAT or ATOM.
>>> I'd say if the server does 'enforce' it, that's enough. We depend on
>>> a sane server anyway :)
>>
>> In regards to properties, the server doesn't really enforce anything.
>> properties are a storage mechanism and the X server will happily store
>> anything you tell it to.
>>
>> The only exception are those properties handled in the server/driver because
>> the handlers will usually check for sanity. This doesn't apply to
>> user-defined
>> properties however.
> Ah OK, I haven't had those in mind. However, if it's important enough to
> do some checking, why not do it in the server + let clients be
> permissive?
From the ChangeProperty spec: "The type is uninterpreted by the server."
If the server is not allowed to touch or look at the type, it can't really
check for correctness. Even if you did, there's the danger of breaking apps.

> My thinking goes like: unenforced solution -> breakage in some client ->
> CVE-2011-0815

Meh. The client should simply treat properties like user input - if you
don't check it, the big boys will laugh at you.

Cheers,
  Peter
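The check Julien asked about, written up as an added example that is not part of this thread or of the xorg code: client-side validation of what XGetDeviceProperty() hands back, treating type, format and item count as untrusted before touching the data. The FLOAT atom value (200) and the struct standing in for Xlib's out-parameters are assumptions so the code runs without a server.

```c
#include <stdint.h>
#include <string.h>

/* XA_ATOM is a predefined atom (value fixed by the X11 protocol); "FLOAT"
 * is not, so a client interns it at run time: 200 here is an assumed value. */
#define XA_ATOM    4UL
#define ATOM_FLOAT 200UL
/* The fields XGetDeviceProperty() returns, gathered in a struct so the
 * checks can run without a server. */
struct prop_reply {
    unsigned long type;    /* actual_type_return */
    int format;            /* actual_format_return: 8, 16 or 32 */
    unsigned long nitems;  /* nitems_return */
    const long *items32;   /* prop_return: Xlib delivers format-32 data as long[] */
};
float float_out[2];        /* destination buffer used by the sample below */
/* Returns 1 if the reply may be interpreted as want_type with at least
 * min_items items, else 0.  The server stores whatever a client put there,
 * so type, format and length are all untrusted. */
int prop_is_sane(const struct prop_reply *p, unsigned long want_type, unsigned long min_items)
{
    if (p->type != want_type)
        return 0;
    if (p->format != 8 && p->format != 16 && p->format != 32)
        return 0;
    /* FLOAT and ATOM are only meaningful as 32-bit items. */
    if ((want_type == ATOM_FLOAT || want_type == XA_ATOM) && p->format != 32)
        return 0;
    return p->nitems >= min_items;
}

/* Copies up to max floats out of a validated FLOAT property.  Returns the
 * count copied, or -1 if the reply failed validation or would overflow out. */
long read_float_prop(const struct prop_reply *p, float *out, unsigned long max)
{
    unsigned long i;
    if (!prop_is_sane(p, ATOM_FLOAT, 1) || p->nitems > max)
        return -1;
    for (i = 0; i < p->nitems; i++) {
        uint32_t bits = (uint32_t)p->items32[i];  /* low 32 bits of the widened item */
        memcpy(&out[i], &bits, sizeof bits);       /* reinterpret as IEEE-754 float */
    }
    return (long)p->nitems;
}

/* Constructed sample replies; the items are 1.0f and 2.5f as bit patterns. */
static const long float_bits[2] = { 0x3f800000L, 0x40200000L };
const struct prop_reply good_float = { ATOM_FLOAT, 32, 2, float_bits };
const struct prop_reply bad_format = { ATOM_FLOAT, 16, 2, float_bits };
const struct prop_reply wrong_type = { XA_ATOM,    32, 2, float_bits };
```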
