commit cc59be38b7eff52a1d003b390f2994c73ee0b3e9
Author: Keith Packard <keithp@keithp.com>
Date: Fri Sep 12 11:33:48 2014 -0700
os: Don't listen to 'tcp' by default. Add '-listen' option. [v2]
This disables the tcp listen socket by default. Then, it
uses a new xtrans interface, TRANS(Listen), to provide a command line
option to re-enable those if desired.
v2: Leave unix socket enabled by default. Add configure options.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
One year after Ilja van Sprundel, discovered and reported a large number
of issues in the way the X server code base handles requests from X clients,
they have been fixed.
a SIGUSR1 signal to init(8).
It can happen that xdm dies before the X server that it started.
In that case X's is reparented by init...
This is handled correctly when privilege separation is not compiled
but got overlooked in the privilege separation case.
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing file.
Note that xserver on OpenBSD isn't affected by CVE-2011-4029.
is just noise and now happens while the X autoconfiguration
code probes all /dev/wsmouse<n> devices.
If the error matters, the driver will emit a proper error
nevertheless.
checking the list), this allows drm to work in -keepPriv situations.
This diff has been in my tree awaiting proper testing for months, now
i'm sure it works correctly in it goes.
ok matthieu@ an aeon ago.
privsep ( O_NONBLOCK | O_RDWR | O_EXCL) by turning the list of allowed
devices into a struct, with the flags we're supposed to use, then using
these values with open(). Add /dev/dri/card0 there too (more'll be needed to be
added when it matters).
This gives privsep with dri a chance to work.
ok matthieu
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis. From deraadt@
