Hello.

There has never been any security in the X protocol beyond the connection authentication.

You have not been told it was removed because it has not; there has never been any. There is some stuff in place that discriminates between "remote" and "local" clients and forbids "remote" clients from doing some stuff, but that's it.

The reason is simple. The fact that the client *can* connect locally means that it runs on your local machine and has permission to access a secret that is presumably specific to your account (the current authentication scheme is somewhat weak by today's standard, but the protocol is extensible to encompass new schemes, yet nobody cared enough to add something better). Given that X was developed and runs on POSIX systems that have no process security whatsoever, a process that can access one of your files (the secret) can access all of your other files and processes and would have no reason to attack through X while it can do the same directly.

Regards

Michal

_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
