On Fri, 2017-10-06 at 19:46 +0000, Uecker, Martin wrote: > Hi, > > I would like to use untrusted connections for remote > clients. Currently this does not work for me, because it is > too slow, and I always have to use trusted connections. > > So I wonder what it would take to expose some additional > extensions that are required for efficiency to untrusted > clients, in particular the RENDER extension?
The first step would be to add RENDER to the SecurityTrustedExtensions list. After that one might need to fix SecurityResource() or SecurityDoCheck() to allow untrusted client to do whatever they want to their own resources (this might already be the case but I haven't tried to understand that code in detail). I continue to maintain that interacting with an "untrusted" remote client is a weird thing to want: if you can't trust it to interact peacefully with other clients, how can you trust it to do what you expect when you type into it? But there's no intrinsic reason why RENDER couldn't be made to work for untrusted clients, in fact extending coverage to _all_ extensions should be pretty straightforward since the selinux work put hooks in all the right places. - ajax _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel