#3715 BLOC First D: Cull X extensions we don't need.

Zarro Boogs per Child bugtracker at laptop.org
Fri Sep 21 14:57:33 EDT 2007 

#3715: Cull X extensions we don't need.
-----------------------------+----------------------------------------------
 Reporter:  jg               |       Owner:  bernie                
     Type:  defect           |      Status:  new                   
 Priority:  blocker          |   Milestone:  First Deployment, V1.0
Component:  x window system  |     Version:                        
 Keywords:                   |    Verified:  0                     
-----------------------------+----------------------------------------------
 We did this once before; it got lost.  Due to security concerns, we have
 to make this a blocker for first deployment, though an easy one.

 My decisions are on the next reply.

 Eamon Walsh was kind enough to look over our list and comment:

 > BIG-REQUESTS
 > Composite
 > DAMAGE
 > DPMS

 Don't like this one myself, think this should go away in favor of a
 kernel-based mechanism.

 > Extended-Visual-Information

 You might consider dropping this as it doesn't actually do anything -
 the values have been hard-coded since 1997.

 > MIT-SCREEN_SAVER
 > MIT-SHM
 > MIT-SUNDRY-NONSTANDARD

 You might consider dropping this unless you happen to be running X
 client code from 1987 (it's R4 compatibility).

 > RANDR
 > RECORD

 This extension messes with the dispatch tables and thus might interfere
 with the access control extension.  Still working on it.  Do you really
 want record functionality?

 > RENDER
 > SECURITY

 If you're going to be writing a custom security module for OLPC you
 wont' need this.

 > SHAPE
 > SYNC
 > TOG-CUP

 You don't need this unless you're providing indexed color visuals.

 > X-Resource

 This is primarily for debugging (determining memory use) might consider
 disabling in production.  The only client user of it is xrestop.

 > XAccessControlExtension
 > XC-APPGROUP

 This has "interesting" security implications (multiple window managers
 running at once).  Haven't seen any users of it.  Also, depends on
 SECURITY extension.

 > XC-MISC
 > XFIXES
 > XFree86-Bigfont
 > XFree86-DGA

 This is the worst one I've seen, it's a direct access to the framebuffer
 hack.  Don't know how to secure this at all, probably going to just deny
 it entirely in my policies.

 > XFReee86-Misc

 You might consider dropping this.  It only provides some extra mouse and
 keyboard configuration and it has a nasty bag-of-bits "PassMessage"
 request that can't be secured in the DIX.

 > XFree86-VidModeExtension
 > XINERAMA

 Haven't looked at this.  I think RandR-based multihead should replace
 this.

 > XInputExtension
 > XKEYBOARD
 > XTEST

 As with the RECORD extension make sure you want this functionality.
 It's great for faking input, mostly a debugging tool.

 > XVideo
 >
 > There is some trash in there; I properly triaged the extensions once,
 > but it got lost along the way....
 >                         - Jim
 >

-- 
Ticket URL: <https://dev.laptop.org/ticket/3715>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system

More information about the Bugs mailing list