I made a patch, which enables SHMConfig by default.
Although this comes with a drawback: this option works in the way of allocating a shared memory for the configuration options. But this memory must have permissions set to 777, otherwise the logged in (usually non-root) user won't be able to change it's settings. So this way any local user logged in to X is able to change the settings.
I can't consider this as a vulnerability.
So here it comes:
I made a patch, which enables SHMConfig by default.
Although this comes with a drawback: this option works in the way of allocating a shared memory for the configuration options. But this memory must have permissions set to 777, otherwise the logged in (usually non-root) user won't be able to change it's settings. So this way any local user logged in to X is able to change the settings.
I can't consider this as a vulnerability.
Please apply my patch, if possible.