Commit 76636ac1 authored by Ray Strode's avatar Ray Strode Committed by Keith Packard
Browse files

xwayland: default to local user if no xauth file given. [CVE-2015-3164 3/3]

Right now if "-auth" isn't passed on the command line, we let
any user on the system connect to the Xwayland server.

That's clearly suboptimal, given Xwayland is generally designed
to be used by one user at a time.

This commit changes the behavior, so only the user who started the
X server can connect clients to it.

Signed-off-by: default avatarRay Strode <>
Reviewed-by: Daniel Stone's avatarDaniel Stone <>
Reviewed-by: Alan Coopersmith's avatarAlan Coopersmith <>
Signed-off-by: Keith Packard's avatarKeith Packard <>
parent 4b4b9086
...@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv) ...@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv)
if (AddScreen(xwl_screen_init, argc, argv) == -1) { if (AddScreen(xwl_screen_init, argc, argv) == -1) {
FatalError("Couldn't add screen\n"); FatalError("Couldn't add screen\n");
} }
} }
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment