Package: X11-common Version: 1:7.7+16 Severity: normal
A user can put anything in ~/.xsessionrc which can be put in ~/.xsession. Most files in Xsession.d/ have a check for what is allowed in Xsession.options. ~/.xsessionrc doesn't, so the user has a free rein. Xsession(5) notes that restrictions on a user running arbitary programs might be easy to bypass, but this is when using software which is outside the control of the X maintainers. Regards, Brian.
