What security holes are associated with X-windows (and other WMs)?

Lots, some which affect use of X only, and some which impact the security of the entire host system.

I would prefer not to go into too much detail here, and would refer any reader reader looking for detailed information to the other FAQ's in relevant newsgroups. (comp.windows.*)

One point I will make is that X is one of those packages which often generates "Incompatible Usage" security problems, for instance the ability for crackers to run xsessions on hosts under accounts with no password (eg: sync), if it is improperly set up. Read the question about unpassworded accounts in this FAQ.