X-Git-Url: https://git.sesse.net/?p=rdpsrv;a=blobdiff_plain;f=Xserver%2Fprograms%2FXserver%2FXext%2FSecurityPolicy;fp=Xserver%2Fprograms%2FXserver%2FXext%2FSecurityPolicy;h=be6736a6f7e5aafbd82a87ca0160bfe289bdf291;hp=0000000000000000000000000000000000000000;hb=b6e6afccf37f4ad0515ef2a698f714fdf1bf23b3;hpb=e3340a110a3b01756b8e67531395a33b40a17d37 diff --git a/Xserver/programs/Xserver/Xext/SecurityPolicy b/Xserver/programs/Xserver/Xext/SecurityPolicy new file mode 100644 index 0000000..be6736a --- /dev/null +++ b/Xserver/programs/Xserver/Xext/SecurityPolicy @@ -0,0 +1,88 @@ +version-1 + +# $XConsortium: SecurityPolicy /main/3 1996/12/20 20:27:48 swick $ + +# The site policy fields are interpreted by the XC-QUERY-SECURITY-1 +# authorization protocol. The values are arbitrary and site-specific. +# Refer to the Security Extension Specification for the usage of the policies. +#sitepolicy A +#sitepolicy B +#sitepolicy C + +# Property access rules: +# property +# ::= any | root | +# ::= | = +# :== [ | | ]* +# :== r | w | d +# r read +# w write +# d delete +# :== a | i | e +# a allow +# i ignore +# e error + +# Allow reading of application resources, but not writing. +property RESOURCE_MANAGER root ar iw +property SCREEN_RESOURCES root ar iw + +# Ignore attempts to use cut buffers. Giving errors causes apps to crash, +# and allowing access may give away too much information. +property CUT_BUFFER0 root irw +property CUT_BUFFER1 root irw +property CUT_BUFFER2 root irw +property CUT_BUFFER3 root irw +property CUT_BUFFER4 root irw +property CUT_BUFFER5 root irw +property CUT_BUFFER6 root irw +property CUT_BUFFER7 root irw + +# If you are using Motif, you probably want these. +property _MOTIF_DEFAULT_BINDINGS root ar iw +property _MOTIF_DRAG_WINDOW root ar iw +property _MOTIF_DRAG_TARGETS any ar iw +property _MOTIF_DRAG_ATOMS any ar iw +property _MOTIF_DRAG_ATOM_PAIRS any ar iw + +# If you are running CDE you also need these +property _MOTIF_WM_INFO root arw +property TT_SESSION root irw +property WM_ICON_SIZE root irw +property "SDT Pixel Set" any irw + +# The next two rules let xwininfo -tree work when untrusted. +property WM_NAME any ar + +# Allow read of WM_CLASS, but only for windows with WM_NAME. +# This might be more restrictive than necessary, but demonstrates +# the facility, and is also an attempt to +# say "top level windows only." +property WM_CLASS WM_NAME ar + +# These next three let xlsclients work untrusted. Think carefully +# before including these; giving away the client machine name and command +# may be exposing too much. +property WM_STATE WM_NAME ar +property WM_CLIENT_MACHINE WM_NAME ar +property WM_COMMAND WM_NAME ar + +# To let untrusted clients use the standard colormaps created by +# xstdcmap, include these lines. +property RGB_DEFAULT_MAP root ar +property RGB_BEST_MAP root ar +property RGB_RED_MAP root ar +property RGB_GREEN_MAP root ar +property RGB_BLUE_MAP root ar +property RGB_GRAY_MAP root ar + +# To let untrusted clients use the color management database created +# by xcmsdb, include these lines. +property XDCCC_LINEAR_RGB_CORRECTION root ar +property XDCCC_LINEAR_RGB_MATRICES root ar +property XDCCC_GRAY_SCREENWHITEPOINT root ar +property XDCCC_GRAY_CORRECTION root ar + +# To let untrusted clients use the overlay visuals that many vendors +# support, include this line. +property SERVER_OVERLAY_VISUALS root ar