XAUTHORITY not configured for Xwayland
Submitted by Phillip Susi
Link to original bug (#789867)
Description
The man page for gdm3 states that it creates an XAUTHORITY file in /var/run/gdm3 and sets the environment to point to it. It fails to do so when running Xwayland. Instead, Xwayland is apparently configured to allow connections from any process run by the same UID, without the need for a magic cookie.
This prevents users from running applications as root, and exposes the ability to interfere with one X session from a completely different session on a different head or cron job or some such as long as it uses the same UID. This is not desirable either.
Please restore the proper xauthority configuration under wayland.
Version: 3.26.x