Security: Absolute Client vetting or trust a remote root?

Mike Mestnik cheako+xorg-devel at
Thu Jun 7 18:52:24 PDT 2012

On 06/07/12 08:15, Michal Suchanek wrote:
> Hello.
> There has never been any security in the X protocol beyond the
> connection authentication.

I'm referring to the XGrabKeyboard() call and yes X has many other
layers of security that I feel are worth mentioning.  For example OpenGL
applications are forbidden from accessing all of system memory via GPU
DMA.  To consider that there is no security is a little narrow-minded;
there is *plenty of security.  The issue I'm reporting is that of what
*little security there is, it's being chipped away under the flag of
"There is not as much security as there should be, so a little less
security is not a problem."  I'm saying this is a huge problem to remove
security in an area that clearly doesn't have enough security... not the
other way around.

* The amount of security is only perhaps a fraction of what it should
be, but there is still a lot of it.

> You have not been told it was removed because it has not, there has never been.
> There is some stuff in place that discriminates "remote" and "local"
> clients and forbids "remote" clients doing some stuff but that's it.
> The reason is simple. The fact that the client *can* connect locally
> means that it runs on your local machine and has permission to access
> a secret that is presumably specific to your account (the current
> authentication scheme is somewhat weak by today's standard but the
> protocol is extensible to encompass new schemes yet nobody cared
> enough to add something better).
> Given that X was developed and runs on POSIX systems that have no
> process security whatsoever then a process that can access one of your
> files (the secret) can access all of your other files and processes
> and would have no reason to attack through X while it can do the same
> directly.
> Regards
> Michal
