commit be202f533ab98a684c6a007e8d5b4357846bc222
Author: Fabian Vogt <fabian@ritter-vogt.de>
Date:   Tue Oct 6 21:21:38 2020 +0200

    Fix X not having access control on startup
    
    If the auth file is empty, X allows any local application (= any user on the
    system) to connect. This is currently the case until X wrote the display
    number to sddm and sddm used that to write the entry into the file.
    To work around this chicken-and-egg problem, make use of the fact that X
    doesn't actually look at the display number in the passed auth file and just
    use :0 unconditionally. Also make sure that writing the entry was actually
    successful.
    
    CVE-2020-28049

diff --git a/src/daemon/XorgDisplayServer.cpp b/src/daemon/XorgDisplayServer.cpp
index d04f634..df685b2 100644
--- a/src/daemon/XorgDisplayServer.cpp
+++ b/src/daemon/XorgDisplayServer.cpp
@@ -88,7 +88,7 @@ namespace SDDM {
         return m_cookie;
     }
 
-    void XorgDisplayServer::addCookie(const QString &file) {
+    bool XorgDisplayServer::addCookie(const QString &file) {
         // log message
         qDebug() << "Adding cookie to" << file;
 
@@ -104,13 +104,13 @@ namespace SDDM {
 
         // check file
         if (!fp)
-            return;
+            return false;
         fprintf(fp, "remove %s\n", qPrintable(m_display));
         fprintf(fp, "add %s . %s\n", qPrintable(m_display), qPrintable(m_cookie));
         fprintf(fp, "exit\n");
 
         // close pipe
-        pclose(fp);
+        return pclose(fp) == 0;
     }
 
     bool XorgDisplayServer::start() {
@@ -127,6 +127,15 @@ namespace SDDM {
         // log message
         qDebug() << "Display server starting...";
 
+        // generate auth file.
+        // For the X server's copy, the display number doesn't matter.
+        // An empty file would result in no access control!
+        m_display = QStringLiteral(":0");
+        if(!addCookie(m_authPath)) {
+            qCritical() << "Failed to write xauth file";
+            return false;
+        }
+
         if (daemonApp->testing()) {
             QStringList args;
             QDir x11socketDir(QStringLiteral("/tmp/.X11-unix"));
@@ -217,8 +226,14 @@ namespace SDDM {
             emit started();
         }
 
-        // generate auth file
-        addCookie(m_authPath);
+        // The file is also used by the greeter, which does care about the
+        // display number. Write the proper entry, if it's different.
+        if(m_display != QStringLiteral(":0")) {
+            if(!addCookie(m_authPath)) {
+                qCritical() << "Failed to write xauth file";
+                return false;
+            }
+        }
         changeOwner(m_authPath);
 
         // set flag
diff --git a/src/daemon/XorgDisplayServer.h b/src/daemon/XorgDisplayServer.h
index d2bdf6d..e97a0b5 100644
--- a/src/daemon/XorgDisplayServer.h
+++ b/src/daemon/XorgDisplayServer.h
@@ -40,7 +40,7 @@ namespace SDDM {
 
         const QString &cookie() const;
 
-        void addCookie(const QString &file);
+        bool addCookie(const QString &file);
 
     public slots:
         bool start();