[gnome-screensaver/gnome-2-28] Ensure keyboard grab and unlock dialog exist after monitor removal

From: Ray Strode <halfline src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [gnome-screensaver/gnome-2-28] Ensure keyboard grab and unlock dialog exist after monitor removal
Date: Mon, 8 Feb 2010 15:59:30 +0000 (UTC)

commit dcca89b7ab6e1220815af38da246434b2e13fd9f
Author: Ray Strode <rstrode redhat com>
Date:   Mon Feb 8 10:25:10 2010 -0500

    Ensure keyboard grab and unlock dialog exist after monitor removal
    
    gnome-screensaver currently doesn't deal with monitors getting
    removed properly.  If the unlock dialog is on the removed monitor
    then the unlock dialog and its associated keyboard grab are not
    moved to an existing monitor when the monitor removal is processed.
    
    This means that users can gain access to the locked system by placing
    the mouse pointer on an external monitor and then disconnect the
    external monitor.
    
    CVE-2010-0414
    https://bugzilla.gnome.org/show_bug.cgi?id=609337

 src/gs-manager.c    |   13 +++++++++++++
 src/gs-window-x11.c |   17 +++++++++++++++++
 2 files changed, 30 insertions(+), 0 deletions(-)
---
diff --git a/src/gs-manager.c b/src/gs-manager.c
index bb0ddf6..6581031 100644
--- a/src/gs-manager.c
+++ b/src/gs-manager.c
@@ -1478,6 +1478,9 @@ on_screen_monitors_changed (GdkScreen *screen,
                         gs_manager_create_window_for_monitor (manager, screen, i);
                 }
         } else {
+
+                gdk_x11_grab_server ();
+
                 /* remove the extra windows */
                 l = manager->priv->windows;
                 while (l != NULL) {
@@ -1495,6 +1498,16 @@ on_screen_monitors_changed (GdkScreen *screen,
                         }
                         l = next;
                 }
+
+                /* make sure there is a lock dialog on a connected monitor,
+                 * and that the keyboard is still properly grabbed after all
+                 * the windows above got destroyed*/
+                if (n_windows > n_monitors) {
+                        gs_manager_request_unlock (manager);
+                }
+
+                gdk_flush ();
+                gdk_x11_ungrab_server ();
         }
 }
 
diff --git a/src/gs-window-x11.c b/src/gs-window-x11.c
index ea6c1cd..4bdbf58 100644
--- a/src/gs-window-x11.c
+++ b/src/gs-window-x11.c
@@ -45,6 +45,8 @@ static void gs_window_init       (GSWindow      *window);
 static void gs_window_finalize   (GObject       *object);
 
 static gboolean popup_dialog_idle (GSWindow *window);
+static void gs_window_dialog_finish (GSWindow *window);
+static void remove_command_watches (GSWindow *window);
 
 enum {
         DIALOG_RESPONSE_CANCEL,
@@ -927,6 +929,21 @@ gs_window_destroy (GSWindow *window)
 {
         g_return_if_fail (GS_IS_WINDOW (window));
 
+        if (window->priv->lock_pid > 0) {
+                gs_window_dialog_finish (window);
+        }
+
+        remove_popup_dialog_idle (window);
+        remove_command_watches (window);
+        remove_watchdog_timer (window);
+
+        if (window->priv->lock_box != NULL) {
+                gtk_container_remove (GTK_CONTAINER (window->priv->vbox), GTK_WIDGET (window->priv->lock_box));
+                window->priv->lock_box = NULL;
+
+                g_signal_emit (window, signals [DIALOG_DOWN], 0);
+        }
+
         gtk_widget_destroy (GTK_WIDGET (window));
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]