Why are people saying that the X Window System is not secure? The OpenBSD team succeeded with privilege separation in 2003; why didn't the "Linux developers" do this?
To be clear: What security design flaws does X have? Why don't the Linux developers separate privileges in X?
This is a poorly phrased question. For instance, it does not define what is meant by "secure". That makes it harder to provide a useful answer.
Here are three possible security concerns, and how X11 fares:
Isolation between apps. X11 does not isolate apps from each other. If one app is malicious, it can log all keystrokes, tamper with other apps windows, steal the contents of copy/paste buffers, inject keystrokes into other windows, etc. (Windows has similar security properties.)
Preventing privilege escalation. X11 apps run as a non-root user. However, on most platforms the X11 drivers run as root, so they can access the display hardware. This introduces the risk that a malicious app might be able to exploit some security vulnerability in the X11 code and use it to become root. This is a serious risk, because X11 is a complex system with a tremendous amount of code, and all it takes is one security vulnerability anywhere in that code to make a privilege escalation attack possible. This is indeed a concern.
The question refers to privilege separating the X11 code. I do not know how easy or hard this is to do, or how effective OpenBSD's attempt is. However, the aim of privilege separation is to reduce the likelihood of such privilege escalation vulnerabilities.
Enabling remote attacks. If I run X11 on my Linux machine, does that make it easy (or possible) for remote attackers to "hack" my machine? The answer is no. Remote attackers have no way to access or talk to X11, so running X11 on my machine does not make my machine insecure.
All in all, I would say that X11 does pose some security risks, but they are relatively minor, compared to the risks you are already accepting when you use any desktop OS. In the desktop world, every app you run already must be completely trusted (since any one rogue app you run has access to all your files and everything, and can ruin your life); X11 does not make this fact any worse.
Therefore, I would not hesitate to use X11, at least not on security grounds. If you find X11 useful, go ahead and use it.
According to one report the X Windows System had an application separation issue, but not a major issue where it is usually deployed.
As others have posted, the question asks the wrong question, especially as X Windows predates Linux. Linux is just the most visible target for flamebait.
On the application isolation issue:
On the web the most relevant article seems to be: Security Watch which references Joanna Rutkowska's Blog
Apparently there is no inherent isolation between gui applications on x windows.
Which doesn't mean too much in a Libre software system but much more when including software from many other providers on the one system.
Note: It seems as if in normal operation every application can see for as an example the password entered into sudo/xterm and every other thing on the gui.
It seems to be accurate, but I have not tested it myself, Joanna gives an example of it on her blog.
She is also trying to sell a product to fix it LOL.
I think the issue here is that any software you run on your system presents a security risk. The larger the software and the more privilege it requires, the greater the risk. The rule of thumb for running a secure system is to only install and run the absolute bare minimum of what's required for the system to do it's job. If you are using Linux as a desktop OS, then yes X11 makes a lot of sense. Many, many, Linux systems are servers that probably never have a display connected. It's not so much that running X11 is not secure, it's more like it's less secure than not running it.
The question claims that "people are saying that X-windows is not secure". I see no evidence for this claim. I'm not familiar with anyone who is saying that. Wikipedia doesn't say that X-windows is insecure. I say it is BS.
(I know you posted some links in the comments on the question, but none of them say "X-windows is insecure". You have mischaracterized what they say. Please read more carefully in the future, and don't put words in people's mouth.)
Of course, if you want to be nitpicky, I realize you can probably find someone, somewhere, who is saying that X-windows is insecure. Heck, you can pick pretty much any statement you want, and I bet you can find someone, somewhere, who is saying that. But who cares? Even if someone is saying it, why should I care? I don't care what people are saying. People say dumb or uninformed stuff all the time. You shouldn't care about that stuff, either. You should care about the technical facts.
So don't ask about "why people are saying blah". Instead, ask about the facts. For instance, a much better question would be "Is X-windows a security threat?". Or maybe you ask a narrower question. The point is, don't waste people's time. If you want to get good answers, start by asking a good question.
