On Fri, 24 Aug 2007, Brett Parker wrote:
Given that you've given it access to your display and handed it a shiny cookie on a plate, I don't see that as a security risk - you've granted it the permissions it requires, it's just using straight off xlib calls to check and call (IIRC).
Hmm... I was fishing for someone to suggest that Xorg on machine C can be configured in a way that allows a client on machine A to open a window of its own on the display of machine C, but in which the X server on machine C doesn't pass on messages from the client on machine A that appear to be telling a client on machine B what to do. Anyone?