Description of problem: From upstream bugzilla: If compiz is used and "Unredirected Fullscreen mode" is turned on the gnome-screensaver keybord grab does not work. Its possible to input into (hidden) windows then. Additional info: Upstream bug report contains patch. Feel free to request freeze break for f8 to fix this, as it has security implications. References: https://launchpad.net/bugs/145123 http://bugzilla.gnome.org/show_bug.cgi?id=488264
hmm, if what the person says is true, then the patch can't be right. that means gnome-screensaver is running without a keyboard grab in effect?!
ajax, is "XCompositeUnredirectWindow()" really dropping grabs?
It looks like it is: for (ccw = cw->clients; ccw; ccw = ccw->next) if (ccw->update == update && CLIENT_ID(ccw->id) == pClient->index) { FreeResource (ccw->id, RT_NONE); return Success; } then FreeResource calls compFreeClientWindow () which does: UnmapWindow (pWin, FALSE); (from looking through the code, I haven't verified it actually runs that way in practice). This is an X server bug. One client shouldn't be able to break the grabs of another.
So ajax and I talked to keithp about this a bit on IRC. It's apparently hard to make XCompositeUnredirectWindow not have an intermediate unmap, and while breaking grabs is sort of an unexpected side effect, this side effect is not likely to go away in the near future. In case it's not clear, this is not an xserver security issue. Any client can break the grabs of any other client, snoop on any other client, or even disconnect any other client by design. What this is, is a compiz bug. It shouldn't be unredirecting after map. It should check if the window is fullscreen and unredirecting before the map. moving to compiz.
I'm moving this to the security response product for tracking.
Here is the upstream bug report: http://bugs.opencompositing.org/show_bug.cgi?id=668
It's a bug in the xserver that it breaks grabs when a window is redirected or unredirected. I committed a fix upstream: http://cgit.freedesktop.org/xorg/xserver/commit/?id=a6a7fadbb03ee99312dfb15ac478ab3c414c1c0b and have built the new X server in rawhide.
Awesome work, Kristian! It's nice to see the fix wasn't as invasive as initially expected.
xorg-x11-server-1.3.0.0-40.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-server-1.3.0.0-16.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
I'm marking this as low after discussing it with krh: "this one is disabled by default, not documented, and you have to navigate through gconf-editor to enable it"
Reporter changed to security-response-team by request of Jay Turner.