> it's longstanding "common knowledge" (among people that think about such things) that an suid binary shouldn't link to Xlib, right?
While we’d like to hope so, we know it’s not true amongst the application developer population in general. Besides the KDE issues mentioned in the CanSecWest preso, and GTK’s prohibition of setuid use (though that’s not about not trusting Xlib, but not wanting to have to block or sandbox user-specified loadable modules), we know there’s other examples out there.
which sounds like someone who never looked at the XKB & XIM portions of Xlib. I never thought it would make me so unhappy to prove jwz wrong.
It also goes to show that extensive security audits in the past are no match for either evolving code bases or evolving attack profiles, and anything that hasn't been audited recently, by someone with the latest code and knowledge of the latest advances in security vulnerabilities and exploits, is likely to have some issues.
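A concrete check for the "setuid binaries shouldn't link to Xlib" rule, added here as an example and not code from the thread or from any of the projects mentioned: it finds setuid/setgid files and reports those whose ELF dependencies include Xlib (libX11), the xcb transport under it, or the toolkits layered on it. It assumes a Linux host with find(1) and readelf(1); readelf is used rather than ldd because reading the dynamic section is purely static, whereas ldd may run the loader on a file you have not yet decided to trust. The library-name pattern and the sample dependency listing are constructed for the example.

```shell
#!/bin/sh
# Example audit helper (not from the original thread). Assumes find(1) and readelf(1).

# xlib_deps: read readelf -d (or ldd) style output on stdin and print the lines that
# name Xlib or the libraries built on it. Exit 0 if any were found, 1 otherwise.
xlib_deps() {
    # libX11 is Xlib proper; libxcb carries it; libXt/libXm/libXext/libXi sit on top.
    # The pattern is an assumption of this example, not an official list.
    grep -E 'lib(X11|xcb|Xt|Xext|Xi|Xm)[.-]'
}

# elf_needed FILE: print the direct NEEDED entries of an ELF file without executing it.
elf_needed() {
    readelf -d "$1" 2>/dev/null | grep 'NEEDED'
}

# scan_setuid_xlib DIR...: walk DIR(s) for setuid/setgid regular files and print those
# that dynamically link an X library. Static binaries embed their libraries, so they
# show no NEEDED entries and are not caught by this check.
scan_setuid_xlib() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r bin; do
        if elf_needed "$bin" | xlib_deps >/dev/null; then
            printf '%s\n' "$bin"
        fi
    done
}

# Constructed sample in readelf -d format (not taken from a real binary) for a self-check.
SAMPLE_NEEDED=' 0x0000000000000001 (NEEDED)  Shared library: [libX11.so.6]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'

SAMPLE_CLEAN=' 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]'

# Returns 0 when the constructed Xlib-linked sample is flagged.
sample_flags_xlib() {
    printf '%s\n' "$SAMPLE_NEEDED" | xlib_deps >/dev/null
}

# Returns 0 when the constructed libc-only sample is correctly left alone.
sample_clean_passes() {
    if printf '%s\n' "$SAMPLE_CLEAN" | xlib_deps >/dev/null; then
        return 1
    fi
    return 0
}

# Usage: ./setuid_xlib.sh --scan [DIR...]   (defaults to /usr /bin /sbin)
if [ "${1:-}" = "--scan" ]; then
    shift
    [ $# -eq 0 ] && set -- /usr /bin /sbin
    scan_setuid_xlib "$@"
fi
```

Run it with `--scan` on a host to get the list of candidates; anything it prints deserves a look at how the binary reaches X (whether Xlib is reached before privileges are dropped matters, and readelf only shows direct dependencies, so a setuid program that links libXt but not libX11 is reported by the pattern, while one that reaches Xlib only through a dlopen'ed module is not).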