Security: Absolute Client vetting or trust a remote root?

Michal Suchanek hramrach at
Thu Jun 7 06:15:25 PDT 2012


There has never been any security in the X protocol beyond the
connection authentication.

You have not been told it was removed because it has not, there has never been.

There is some stuff in place that discriminates "remote" and "local"
clients and forbids "remote" clients doing some stuff but that's it.

The reason is simple. The fact that the client *can* connect locally
means that it runs on your local machine and has permission to access
a secret that is presumably specific to your account (the current
authentication scheme is somewhat weak by today standard but the
protocol is extensible to encompass new schemes yet nobody cared
enough to add something better).

Given that X was developed and runs on POSIX systems that have no
process security whatsoever then a process that can access one of your
files (the secret) can access all of your other files and processes
and would have no reason to attack through X while it can do the same



More information about the xorg-devel mailing list