** Allocate memory for the new context
*/
if (!isDirect) {
+ /* Only allow creating indirect GLX contexts if allowed by
+ * server command line. Indirect GLX is of limited use (since
+ * it's only GL 1.4), it's slower than direct contexts, and
+ * it's a massive attack surface for buffer overflow type
+ * errors.
+ */
+ if (!enableIndirectGLX) {
+ client->errorValue = isDirect;
+ return BadValue;
+ }
+
/* Without any attributes, the only error that the driver should be
* able to generate is BadAlloc. As result, just drop the error
* returned from the driver on the floor.
extern _X_EXPORT int defaultBackingStore;
extern _X_EXPORT Bool disableBackingStore;
extern _X_EXPORT Bool enableBackingStore;
+extern _X_EXPORT Bool enableIndirectGLX;
extern _X_EXPORT Bool PartialNetwork;
extern _X_EXPORT Bool RunFromSigStopParent;
Bool CoreDump;
+Bool enableIndirectGLX = TRUE;
+
#ifdef PANORAMIX
Bool PanoramiXExtensionDisabledHack = FALSE;
#endif
ErrorF("-fn string default font name\n");
ErrorF("-fp string default font path\n");
ErrorF("-help prints message with these options\n");
+ ErrorF("+iglx Allow creating indirect GLX contexts (default)\n");
+ ErrorF("-iglx Prohibit creating indirect GLX contexts\n");
ErrorF("-I ignore all remaining arguments\n");
#ifdef RLIMIT_DATA
ErrorF("-ld int limit data space to N Kb\n");
UseMsg();
exit(0);
}
+ else if (strcmp(argv[i], "+iglx") == 0)
+ enableIndirectGLX = TRUE;
+ else if (strcmp(argv[i], "-iglx") == 0)
+ enableIndirectGLX = FALSE;
else if ((skip = XkbProcessArguments(argc, argv, i)) != 0) {
if (skip > 0)
i += skip - 1;