: Still, there is a significant gap between sniffing/denial of service and
: executing shell commands. From what I've seen, security-conscious X
: clients (such as xterm) have traditionally made sure they ignored
: synthetic keyboard events, and didn't provide any kind of shell-capable
: remote X interface.

Well, that's true iff the events are marked as synthetic. I have seen X servers that neglect to mark events as synthetic if you do an XSendEvent w/o setting the synthetic field to be true. I once saw a demonstration of the so-called secure xterm mechanisms where the terminal was remotely controlled (yes, the secure bits were set, and we double checked the same program on a different X server and it worked like the authors had intended). This was in the R2 server time frame, so maybe things have changed somewhat since then.

Warner
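The client-side check discussed in this exchange, as an added example that is not part of the original message and not xterm's code: in the X11 core protocol every event is 32 bytes and the server sets the high bit (0x80) of the event code on events generated by SendEvent, which Xlib exposes as the `send_event` field. The function name `filter_key_events`, the result struct and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define X_EVENT_SIZE  32    /* every core-protocol event is 32 bytes */
#define X_SEND_EVENT  0x80  /* set by the server on SendEvent-generated events */
#define X_KEY_PRESS   2
#define X_KEY_RELEASE 3

struct key_filter_result {
    size_t  accepted;       /* key events passed on to the application */
    size_t  dropped;        /* key events flagged synthetic and ignored */
    uint8_t keycodes[16];   /* keycodes of the first accepted events */
};

/* Walk a buffer of wire events and keep key events unless flagged synthetic. */
struct key_filter_result filter_key_events(const uint8_t *buf, size_t len)
{
    struct key_filter_result r = {0};
    for (size_t off = 0; off + X_EVENT_SIZE <= len; off += X_EVENT_SIZE) {
        uint8_t code = buf[off];
        uint8_t type = code & 0x7f;          /* event type without the flag */
        if (type != X_KEY_PRESS && type != X_KEY_RELEASE)
            continue;
        if (code & X_SEND_EVENT) {           /* server says: came from SendEvent */
            r.dropped++;
            continue;
        }
        if (r.accepted < sizeof r.keycodes)
            r.keycodes[r.accepted] = buf[off + 1];   /* byte 1 is the keycode */
        r.accepted++;
    }
    return r;
}

/* Constructed sample: three KeyPress events for keycode 38. The second is
 * flagged by the server. The third stands for a sent event that a faulty
 * server left unflagged: on the wire it is identical to the first, so the
 * filter has nothing to reject it on. */
static const uint8_t sample[3 * X_EVENT_SIZE] = {
    [0]  = X_KEY_PRESS,                [1]  = 38,
    [32] = X_KEY_PRESS | X_SEND_EVENT, [33] = 38,
    [64] = X_KEY_PRESS,                [65] = 38,
};

int main(void)
{
    struct key_filter_result r = filter_key_events(sample, sizeof sample);
    printf("accepted=%zu dropped=%zu\n", r.accepted, r.dropped);
    return 0;
}
```

The flag is the only input the client has, so the check is exactly as trustworthy as the server that sets it.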