Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!apple!voder!wlbr!WLV.IMSD.CONTEL.COM!lwb
From: lwb@WLV.IMSD.CONTEL.COM (Les Beears)
Newsgroups: comp.windows.x
Subject: Re: X and security (or lack there of)
Summary: X is totally devoid of security(almost)
Keywords: Security
Message-ID: <36904@wlbr.IMSD.CONTEL.COM>
Date: 20 Sep 89 17:58:55 GMT
References: <"890915115900.75046.606.CHD27-4"@CompuServe.COM>
Sender: news@wlbr.IMSD.CONTEL.COM
Reply-To: lwb@WLV.IMSD.CONTEL.COM.UUCP (Les Beears)
Organization: Contel Federal Systems
Lines: 11

Security in X windows is a major problem. This issue was addressed
at the Xhibition in a conference which was entitled something like
"X security, an oxymoron?".  X windows lacks even the normal security
(discresionary access conrtol) which is normally provided to objects
within the system.  Once a host is given access to an X server any
user on that host can do anything to the X server.  This means that
any client can move or delete windows, or capture keystrokes.  No
special privilege is required to execute any of the X commands.

Kerberos is the project Athena attempt at network security, but it
does nothing to make X itself more secure.