[PATCH] xace: Fix XaceCensorImage to actually censor the right part of the image

Adam Jackson ajax at nwnk.net
Thu Aug 18 16:11:23 UTC 2016

On Thu, 2016-08-18 at 11:09 +0900, Michel Dänzer wrote:

> Unfortunately, this broke two XTS tests:
> xts5 at xlib9@xgetimage at 7
> xts5 at xlib9@xgetsubimage at 7

Low impact, fortunately, but still unpleasant. The test in question is:

520|0 7 00020031 1 2|Assertion XGetImage-7.(A)
520|0 7 00020031 1 3|When the specified rectangle includes the window border,
520|0 7 00020031 1 4|then the contents of the window border are obtained in the
520|0 7 00020031 1 5|XImage structure returned by a call to XGetImage.

I think there are two issues here. One is pVisibleRegion (the region we
don't censor) is the intersection of borderClip (the exterior
dimensions of the window including the border, clipped by siblings) and
winSize (the inside-the-border region of the window). Clipping by
winSize means we'll censor the window border. I think what's actually
wanted there is borderClip also clipped by children [1]; we don't have
a function handy to compute that, but it's straightforward enough.

The other issue is we censor the image unconditionally if the server
was built with support for any security extensions, regardless of
whether the requesting client is trusted (for XC-SECURITY) or in a
different security context than the window (for XACE).

Patches forthcoming.

[1] - Well kinda. You want to clip away children whose contents you
aren't authorized to see, which isn't quite the same.

- ajax

More information about the xorg-devel mailing list