T 4.12 Lack of authentication possibilities between X server and X client

The X-Window system in particular should only be used in a trustworthy environment if suitable security mechanisms such as "magic cookies" or Secure Shell, for example, are not used. Without security functions, all users involved will be provided with the option of corrupting both the X client and the X server. The X server process responsible for input and output on a computer is not able to discern whom the X client process it communicates with belongs to. Therefore, all X clients can access all data entered in an X server, and the X server does not have any means of determining which X client it receives data from. For example, the program meltdown simulates the optical "melting" of the screen of any X server. Likewise, it is possible to read data from an xterm client or to provide this client with proprietary data, i.e. to make screenshots from another computer working with X-Window, for example.

Examples:

• The xspy tool can be used to automatically log keyboard input on an Xterm remote.
• Windows shown by an attacker on an X server cannot be optically distinguished from those of the X client that is actually desired. In this way, an attacker may implant incorrect information or provoke the input of sensitive information with the help of forged windows.