Modernise the security section in the efaq a bit

* doc/misc/efaq.texi (Security risks with Emacs): Remove the X
bit, and add a bit about browsing the web (bug#24489).

diff --git a/doc/misc/efaq.texi b/doc/misc/efaq.texi
index ed8a919ac7e2de124d2ff1d8d3f91788ca59c9ad..5d4d378d82abe1e46a67aab9d255f21b6cedf690 100644 (file)
--- a/doc/misc/efaq.texi
+++ b/doc/misc/efaq.texi
@@ -3376,56 +3376,13 @@ bottom of files by setting the variable @code{enable-local-eval}.
 @xref{File Variables,,, emacs, The GNU Emacs Manual}.
 
 @item
-Synthetic X events.  (Yes, a risk; use @samp{MIT-MAGIC-COOKIE-1} or
-better.)
-
-Emacs accepts synthetic X events generated by the @code{SendEvent}
-request as though they were regular events.  As a result, if you are
-using the trivial host-based authentication, other users who can open X
-connections to your X workstation can make your Emacs process do
-anything, including run other processes with your privileges.
-
-The only fix for this is to prevent other users from being able to open
-X connections.  The standard way to prevent this is to use a real
-authentication mechanism, such as @samp{MIT-MAGIC-COOKIE-1}.  If using
-the @code{xauth} program has any effect, then you are probably using
-@samp{MIT-MAGIC-COOKIE-1}.  Your site may be using a superior
-authentication method; ask your system administrator.
-
-If real authentication is not a possibility, you may be satisfied by
-just allowing hosts access for brief intervals while you start your X
-programs, then removing the access.  This reduces the risk somewhat by
-narrowing the time window when hostile users would have access, but
-@emph{does not eliminate the risk}.
-
-On most computers running Unix and X, you enable and disable
-access using the @code{xhost} command.  To allow all hosts access to
-your X server, use
+Browsing the web.
 
-@example
-xhost +
-@end example
-
-@noindent
-at the shell prompt, which (on an HP machine, at least) produces the
-following message:
-
-@example
-access control disabled, clients can connect from any host
-@end example
-
-To deny all hosts access to your X server (except those explicitly
-allowed by name), use
-
-@example
-xhost -
-@end example
-
-On the test HP computer, this command generated the following message:
-
-@example
-access control enabled, only authorized clients can connect
-@end example
+Emacs relies on C libraries to parse images, and historically, many of
+these have had exploitable weaknesses.  If you're browsing the web
+with the eww browser, it will usually download and display images
+using these libraries.  If an image library has a weakness, it may be
+used by an attacker to gain access.
 
 @end itemize