emacs-diffs

master 99f4c17615: Modernise the security section in the efaq a bit


From: Lars Ingebrigtsen
Subject: master 99f4c17615: Modernise the security section in the efaq a bit
Date: Sat, 29 Jan 2022 11:51:31 -0500 (EST)

branch: master
commit 99f4c17615c9c8461d30916cbd3ce1a3e93a3aa9
Author: Lars Ingebrigtsen <larsi@gnus.org>
Commit: Lars Ingebrigtsen <larsi@gnus.org>

    Modernise the security section in the efaq a bit
    
    * doc/misc/efaq.texi (Security risks with Emacs): Remove the X
    bit, and add a bit about browsing the web (bug#24489).
---
 doc/misc/efaq.texi | 55 ++++++------------------------------------------------
 1 file changed, 6 insertions(+), 49 deletions(-)

diff --git a/doc/misc/efaq.texi b/doc/misc/efaq.texi
index ed8a919ac7..5d4d378d82 100644
--- a/doc/misc/efaq.texi
+++ b/doc/misc/efaq.texi
@@ -3376,56 +3376,13 @@ bottom of files by setting the variable 
@code{enable-local-eval}.
 @xref{File Variables,,, emacs, The GNU Emacs Manual}.
 
 @item
-Synthetic X events.  (Yes, a risk; use @samp{MIT-MAGIC-COOKIE-1} or
-better.)
-
-Emacs accepts synthetic X events generated by the @code{SendEvent}
-request as though they were regular events.  As a result, if you are
-using the trivial host-based authentication, other users who can open X
-connections to your X workstation can make your Emacs process do
-anything, including run other processes with your privileges.
-
-The only fix for this is to prevent other users from being able to open
-X connections.  The standard way to prevent this is to use a real
-authentication mechanism, such as @samp{MIT-MAGIC-COOKIE-1}.  If using
-the @code{xauth} program has any effect, then you are probably using
-@samp{MIT-MAGIC-COOKIE-1}.  Your site may be using a superior
-authentication method; ask your system administrator.
-
-If real authentication is not a possibility, you may be satisfied by
-just allowing hosts access for brief intervals while you start your X
-programs, then removing the access.  This reduces the risk somewhat by
-narrowing the time window when hostile users would have access, but
-@emph{does not eliminate the risk}.
-
-On most computers running Unix and X, you enable and disable
-access using the @code{xhost} command.  To allow all hosts access to
-your X server, use
+Browsing the web.
 
-@example
-xhost +
-@end example
-
-@noindent
-at the shell prompt, which (on an HP machine, at least) produces the
-following message:
-
-@example
-access control disabled, clients can connect from any host
-@end example
-
-To deny all hosts access to your X server (except those explicitly
-allowed by name), use
-
-@example
-xhost -
-@end example
-
-On the test HP computer, this command generated the following message:
-
-@example
-access control enabled, only authorized clients can connect
-@end example
+Emacs relies on C libraries to parse images, and historically, many of
+these have had exploitable weaknesses.  If you're browsing the web
+with the eww browser, it will usually download and display images
+using these libraries.  If an image library has a weakness, it may be
+used by an attacker to gain access.
 
 @end itemize
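Review bot: the closing sentence of the new item, "it may be used by an attacker to gain access", is vaguer than the X-events text it replaces, which named both the consequence ("run other processes with your privileges") and a mitigation ("use MIT-MAGIC-COOKIE-1 or better"). Consider stating the consequence concretely, e.g. "may allow an attacker to execute code with your privileges when eww displays a crafted image", and pointing the reader at a mitigation (not fetching or displaying inline images while browsing untrusted sites). Also, the sibling items in this list carry a parenthetical risk verdict after the one-line heading; "+Browsing the web." has none, so something like "(Yes, a risk; consider disabling image display.)" would keep the section consistent.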
 