This is irritating if nothing else. Why should a user be able to telnet in, type "startx", and affect the console? As a quick hack around this, "Xwrapper" could be modified to reject the request to start up X unless the process is on a virtual console (tty1 etc.)
This isn't a real security problem per se. I've had occasion to use this 'feature' in the past.
If we have time, we may implement a check for if the user is on the console for 6.0, but it really isn't a security concern. If someone does this to you, you call them up and get mad at them. :) If it doesn't make 6.0, it will make post-6.0.
In particular, when this happens, it will be done by pamifying xwrapper and making it authenticate against pam_console by default. Then folks can add whatever other authentication they want -- like pam_time, for example...
OK, I got time I didn't expect so I did this in time for 6.0 :-) Now sysadmins can set their own policy here without recompiling. Preston, go ahead and close this once the code is built into our XFree86 package.
This will be included in XFree86-3.3.3.1-40 and later.