On 2024-06-30 09:30, Po Lu wrote: > A recent "security fix" in ProcXFixesSelectSelectionInput hamstrings > this request in the event that no ownership has yet been asserted over > the selection. > > The proximate cause is thus: dixLookupSelection returns error > indications when no selection data exists, which case is identified by > &selection remaining unaltered, but is erroneously interpreted as an > access control denial, with the important consequence that gnome-shell > crashes on startup having received a BadMatch. > > I don't believe it's possible to control access to still-nonexistent > selections through XACE.
See: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1556#note_2466012 https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1573 https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1574 > diff --git a/xfixes/select.c b/xfixes/select.c > index 660eed210..11ddc4939 100644 > --- a/xfixes/select.c > +++ b/xfixes/select.c > @@ -128,7 +128,9 @@ XFixesSelectSelectionInput(ClientPtr pClient, > Selection *selection; > > rc = dixLookupSelection(&selection, selection_name, pClient, > DixGetAttrAccess); > - if (rc != Success) > + if (rc != Success > + /* Selection exists, but access control handlers were triggered. */ > + && selection) > return rc; > > for (prev = &selectionEvents; (e = *prev); prev = &e->next) { AFAICT this would end up creating a struct _SelectionEvent with member selection=NULL, which would later match for any non-existing selection_name. I doubt that works as intended. -- Earthling Michel Dänzer | https://redhat.com Libre software enthusiast | Mesa and Xwayland developer
