This is definitively not a full documentation but rather some random
notes that did not fit into the source code...

When a new connection is detected, an IN_CONN structure is created and
a dialog is shown. DENY will close the connection, ACCEPT will create
a CONN structure and start the normal work. While the dialog is up, no
byte is read from the X client.

When the user activates an entry in the list (double-clic or clic plus
Enter), a dialog is shown asking for confirmation. DENY will destroy
the connection, ACCEPT will let it live. While the dialog is up, the
connection is frozen.

When the users selects an entry and presses the mouse button 3, a
popup appears. The popup allows to change some flags (frozen, checked,
safe), display an info box describing what is known about the
connection, or kill the connection (same behaviour as the
double-clic).

Here are the flags attached to a connection:
 - frozen: no I/O is done
 - checked: all X client requests are inspected
 - safe: all X client requests are inspected and the safe action
(usually a NoOp) is done by deafult without bothering the user

With safe+checked, all dubious requests are replaced ni NoOp
packets. With safe without checked, all the dubious requests except
the internal ones (grabs, see AL_INTERNAL) are replaced by NoOp
packets.

When a dubious X request is found (and the checked flag is on), a
dialog is shown allowing to ALLOW it, KILL the connection or replace
the request by a NOOP. While the dialog is up, the connection is
frozen.

The only thing printed to stdout is the created pseudo-display when
-verbose is used. Everything else goes to stderr. This allows to put
in ~/.xsession something like:
	XDISPLAY=`mxconns -verbose -fork -hunt`
The error (and debugging messages) will go the Xsession log file...

FEATURES
========

With fvwm at least, iconifying the list window iconifies all the
dialog windows.

X REQUEST INSPECTION
====================

When the checked flag is on, all X request are inspected. Here are the
things to look for.

Obvious security threats:
 - modifying the X acces control list [ChangeHosts]
 - disabling the X acces control list [SetAccessControl]
 - reading the access control list [ListHosts]

Other security threats:
 - scanning the keyboard to record keystrokes [QueryKeymap]
 - subscribing to receive key press events for foreign windows [ChangeWindowAttributes]
 - modifying the keyboard mappings to make the user type random things [ChangeKeyboardMapping]
 - modifying the X resources (e.g. xterm translations)
   [ChangeProperty/root window/XA_RESOURCE_MANAGER]
 - sending fake events [SendEvent]

Other things (more privacy, NotYetImplemented):
 - reading the screen contents (a la xwd) [GetImage]
 - reading the properties (for instance of the root window) [GetProperty]

Other things (more denial of service, NotYetImplemented):
 - destroying a foreign window [KillClient]
 - making the X server beep [Bell]
 - modifying global settings like screen saver, key repeat rate...

Other things (interfering with mxconns):
 - grabbing the server[GrabServer], keyboard[GrabKeyboard], key[GrabKey]
   pointer[GrabPointer] or button[GrabButton]

Nice side effects: untrusted X clients cannot
 - make netscape do something (see netscape-remote)
 - make Tk/Tcl execute any command (see property InterpRegistry)

EXAMPLES
========

If you try to make netscape do something (with the -remote option)
through mxconns, you get:
 alrt: ChangeWindowAttributes window=0x03C0023E mask=0x800
       argument 11 (EventMask) is 0x00420000
 alrt: ChangeProperty mode=Replace[0] window=0x03C0023E prop=_MOZILLA_LOCK[237]
 alrt: ChangeProperty mode=Replace[0] window=0x03C0023E prop=_MOZILLA_COMMAND[238]

xengine runs through mxconns (checks enabled) at 766 rpm with UNIX
sockets, 353 with TCP without mxconns it's roughly 860...
