Disallow byte-swapped clients by default (!1029) · Merge requests · xorg / xserver

Peter Hutterer requested to merge whot/xserver:wip/disallow-swapped-clients into master Dec 20, 2022

The X server swapping code is a huge attack surface, much of this code is untested and prone to security issues. The use-case of byte-swapped clients is very niche, so let's disable this by default and allow it only when the respective config option or commandline flag is given.

For Xorg, this adds the ServerFlag "AllowByteSwappedClients" "on". For all DDX, this adds the commandline options +byteswappedclients and -byteswappedclients.

Fixes #1201 (closed)

Test program: byteswap.c, compile with gcc -o byteswap byteswap.c

cc @DemiMarie, @alanc, @ofourdan

Edited Jan 04, 2023 by Peter Hutterer

Admin message

Disallow byte-swapped clients by default

Merge request reports