Whenever you have a Linux desktop (KDE, GNOME 2-3), you use the X server and a client (window-manager like lightdm) to connect to it. They communicate via the network, which allows the graphical output of remotely run programs to be redirected to the local display (ssh -X user@server).


OpenGL Extension (GLX) is a horrible demotivator! 80,000 lines of sheer terror.” and “In the past couple of months I’ve found 120 bugs there, and I’m not close to done.”

Those wanting to read more about the troubled state of X.Org Server security can watch the CCC presentation video on the CCC.de website.

I just hope everything is fixed or rewritten now 😀

When you run an X server on your PC and the X server is the active application, all user input (mouse movement and key presses) is given by the computer to the X server. Applications that wish to interact with the user connect to the X server and ask for copies of user input.

Since the keystrokes often include information like usernames and passwords, it is important to make sure that this information is given only to the applications that should receive them. You can expect that normal applications like xterm or mozilla will behave properly. However, it is possible for malicious Internet users to create applications that will surreptitiously listen in on your keystrokes and harvest information, including your Kerberos password.

All modern X servers provide a method to secure against connections from such unwanted applications; however, not all X server applications (including those native to UNIX) enable access controls by default.
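One way to check whether access control is actually enabled on a session is to grade the list that `xhost` prints when run without arguments. This is an added example, not from the original post; the function names and sample hosts are hypothetical, and it assumes the status strings and entry prefixes printed by the standard X.Org `xhost`.

```shell
#!/bin/sh
# Added example: grade the access list that `xhost` prints (run with no arguments).

# Constructed sample outputs, not captured from a real system.
SAMPLE_OPEN='access control disabled, clients can connect from any host
INET:build01.example.test'
SAMPLE_LOCKED='access control enabled, only authorized clients can connect
SI:localuser:alice'

# classify_xhost_line LINE -> prints ok | warn | critical
classify_xhost_line() {
    case "$1" in
        "access control disabled"*) echo critical ;; # any client on any host may connect
        "access control enabled"*|"") echo ok ;;
        SI:localuser:*) echo ok ;;    # a single named local user
        LOCAL:) echo warn ;;          # any local user may connect
        INET:*|INET6:*) echo warn ;;  # every user on that remote host is trusted
        *) echo warn ;;               # unrecognised entry: review by hand
    esac
}

# audit_xhost: reads xhost output on stdin, prints one finding per risky line,
# returns 0 (clean), 1 (warnings) or 2 (access control is off).
audit_xhost() {
    ax_worst=0
    while IFS= read -r ax_line || [ -n "$ax_line" ]; do
        case "$(classify_xhost_line "$ax_line")" in
            critical) ax_worst=2; printf 'CRITICAL: %s\n' "$ax_line" ;;
            warn)
                if [ "$ax_worst" -lt 1 ]; then ax_worst=1; fi
                printf 'WARN: %s\n' "$ax_line" ;;
        esac
    done
    return "$ax_worst"
}

# Demo on the constructed samples; on a live session use:  xhost | audit_xhost
printf '%s\n' "$SAMPLE_OPEN" | audit_xhost || echo "exit status: $?"
printf '%s\n' "$SAMPLE_LOCKED" | audit_xhost && echo "locked-down sample is clean"
```

Host-based entries (`INET:`, `LOCAL:`) trust everyone on that host, which is why the script flags them even when access control is enabled.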

To begin, you should make sure you understand How X-Windows Access Control Works. If you are attempting to use X-Windows in the Unix or Linux environment, you may find our X-Terminal Security documentation helpful. If you are using X-Win32 you should look at our advice on Securing X-Win32.