First page Back Continue Last page Overview Graphics
X Security Problems
Once connection to X server is allowed, SELinux has no further control over X operations.
Objects are globally accessible: can read or draw into other windows, capture keyboard events, etc.
Processes can exchange arbitrary data using window properties.
Current solution is to deny connection entirely. This is too coarse-grained.