COMMAND

    X Window System

SYSTEMS AFFECTED

    IRIX 5.3

PROBLEM

    The factory default Xsession  for xdm under /var/X11/xdm  contanst
    a line consisting of:

        # Gives anyone on any host access to this display
        /usr/bin/X11/xhost +

    This  allows  anyone  to  display  aplications  remotely  on  your
    machine, record all keystrokes, and log out anyone running X.  For
    example, using SGI's endsession(1):

        $ /usr/bin/X11/endsession -f

    Or using X11R6 xprop(1):

        $ /usr/bin/X11/xprop -display target.com:0.0 -root -remove _SGI_SESSION_PROPERTY

SOLUTION

    Take those xhost +'es out of everything in /var/X11/xdm.