[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#700530: qt frames empty



On Thu, Feb 21, 2013 at 00:45:04 +0000, Steven Chamberlain wrote:

> Hi,
> 
> That's odd... I don't notice any such glitch with at least kcalc, kate,
> qsynth - with xorg-server/2:1.12.4-4 and qt4-x11/4:4.8.2+dfsg-11 on
> kfreebsd-amd64 (9.0, wheezy/sid not fully up-to-date).  I'm using the
> Xtightvnc server if that's relevant.
> 
Does Xtightvnc expose MIT-SHM?  xdpyinfo would tell you.

> On 20/02/13 22:18, Sune Vuorela wrote:
> > The fix is surprisingly in xorg-server and can be found here:
> > http://people.debian.org/~jcristau/kbsd-peercred.diff
> 
> I rebuilt xorg-server with Julien's patch and it still seems fine - but
> can't confirm if it really fixed the problem unless I can reproduce it
> first.
> 
> Thanks to everyone involved in this.  I'm a little curious what the
> patch does exactly, and particularly if it might have any effects beyond
> GNU/kFreeBSD?
> 
AIUI X checks the permissions of SHM segments referenced in XShmAttach()
requests to make sure that the client actually has the proper
permissions over said SHM segment, and is not trying to abuse the fact
that the X server is running as root and thus can get access to somebody
else's memory.  That means said SHM segments need to either be
world-accessible, or the X server needs to be able to determine the
euid/egid of the client process, which is what the patched code is
about.

On Linux, the SO_PEERCRED socket option gives that information.  On
FreeBSD, there's a getpeereid() libc call.  On kFreeBSD, no such thing
exists in glibc as far as I can tell, so the patch uses the
LOCAL_PEERCRED socket option instead to get a struct xucred with the
needed info.

HTH,
Julien


Reply to: