libXfont -- permission bypass when opening files through symlinks
the freedesktop.org project reports:
A non-privileged X client can instruct X server running under root
to open any file by creating own directory with "fonts.dir",
"fonts.alias" or any font file being a symbolic link to any other
file in the system. X server will then open it. This can be issue
with special files such as /dev/watchdog.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright