X Windows question

["Dave Anderson" <dave_(_at_)_daveanderson_(_dot_)_com>]

I've spent some time googling the net and searching the OpenBSD mailing
list archives, man pages, and FAQ, and haven't found anything that
answers this question: what are the security implications of running
the X Windows *client* software on an OpenBSD firewall or server
system?  I remember from years back (and some of the stuff my searching
turned up confirms) that running the X Windows *server* software on
such a system is not a great idea, but I haven't found anything about
the client side.

What I'd like to do, if I can convince myself that it's sufficiently
safe, is to use X Windows freely on my local LAN behind my firewall and
also use SSH with X-forwarding to access my firewall and server systems
from other systems on my local LAN.  The firewall will block X Windows
traffic (as well as everything else not explicitly permitted) on all of
its interfaces.

This also raises the question of exactly what to install on and how to
set up the firewall and server systems to support this.  I clearly want
to set machdep.allowaperture=0 in sysctl.conf since I won't be running
the server software there.  If my inferences from the limited
information I've found are correct, I'll need to select the xbase*.tgz
and xshare*.tgz install sets but none of the other X Windows sets.  Is
this correct?  Is there anything else I need to do on those systems?

Any pointers to places where this is already documented, or direct
answers, will be appreciated.

Thanks,

	Dave

-- 
Dave Anderson
<dave_(_at_)_daveanderson_(_dot_)_com>