[PATCH] xinput: add set-prop command
Simon Thum
simon.thum at gmx.de
Tue Apr 21 02:25:18 PDT 2009
Peter Hutterer wrote:
> On Mon, Apr 20, 2009 at 03:41:34PM +0200, Simon Thum wrote:
>> Julien Cristau wrote:
>>> One thing I'm wondering is if I should be more paranoid and also check
>>> that format is 32 when type is FLOAT or ATOM.
>> I'd say if the server does 'enforce' it, that's enough. We depend on a
>> sane server anyway :)
>
> In regards to properties, the server doesn't really enforce anything.
> properties are a storage mechanism and the X server will happily store
> anything you tell it to.
>
> The only exception are those properties handled in the server/driver because
> the handlers will usually check for sanity. This doesn't apply to user-defined
> properties however.
Ah OK, I haven't had those in mind. However, if it's important enough to
do some checking, why not do it in the server + let clients be permissive?
My thinking goes like: unenforced solution -> breakage in some client ->
CVE-2011-0815
Cheers,
Simon
More information about the xorg-devel
mailing list