:-D I haven't checked Wayland, it may be way simpler! I'm just saying that X doesn't seem hard to wrap my head around.

I'll check it out soon! Worst case I break my desktop env and I use timeshift to rollback. :-)

When you say "hand over to the normal user" what do you mean? Who is the normal user? Do you mean that GDM somehow start a new X under the user that just logged in?

Yes, that's right.

Check

ps -C Xorg -o user

^ That will show root under SLiM but under GDM or after startx it will show your normal, non-root, user.

This security improvement was pioneered by OpenBSD, who take it a stage further and run X under a chrooted special user.

A bigger active code base and so more potential bugs and vulnerabilities. But I may be unduly cynical in that respect.

Yes.

Is that a joke? IMO Wayland is simpler than X.

Look it up. Many opinions are available.

Wayland is intended to replace X. X can be run under Wayland for backwards compatibility.

Multiple graphical users can be logged into Wayland compositors at the same time.

I think SLiM should allow that but it's been dead upstream for almost ten years now and it doesn't support login sessions correctly so you really shouldn't use it at all.

GNOME offers a Wayland version OOTB. I think a Wayland Plasma (KDE) option can be added with the qtwayland5 package.

When you say "hand over to the normal user" what do you mean? Who is the normal user? Do you mean that GDM somehow start a new X under the user that just logged in? (I'm assuming the X for the login screen of GDB runs as root, right?)

I can do startx after logging in on a console, that's fine by me. Do I gain something by having a graphical login screen? (I'm also curious, does startx do the cookie generation (.Xauthority) when it's run?

I need to research Wayland. I've known it by name and that it's a replacement for X but I know nothing beyond that. X seems like a relatively simple program to understand how it works in terms of who can do what, notwithstanding my ignorance on where the socket even is in the first post above. If I understand it correctly, If X is started (by slim in my case) and given the cookie of a user, no other user will be able to connect to that X anyhow. So what  extra does Wayland offer? Is the benefits of Wayland usable only when I have multiple graphical users logged into one X at the same time? And I guess with slim I can't have multiple graphically logged in users.

I've always wanted to try a tiling manager but I don't know if it will be worth it on a laptop screen. I'll check sway out. I was thinking of trying ratpoison at some point too.

If you're wedded to a display manager then GDM will hand over X to the normal user rather than root but I would just use plain old startx from a console login.

Only against local attackers using the same machine while you are at the desktop. Seems unlikely.

One of Wayland's selling points is user isolation in respect of keyboard input. Have you considered it? I use sway and it's wonderful IMO.

Here's what I have right now:

/etc$ grep -R nolisten 2>/dev/null 
slim.conf:xserver_arguments   -nolisten tcp -nolisten local
X11/xinit/xserverrc:exec /usr/bin/X -nolisten tcp -nolisten local "$@"

But why are these sockets enabled by default? Are my assumptions wrong? I think I've read that the abstract socket is used by Snap but is that all? Am I actually hardening my system when I disable them?

EDIT: I did a bit more research and I realized that the X unix socket is /tmp/.X11-unix/X0 which is world writable. I'm trying to figure out how to change this, I don't have other users that need X so I think it'll be ok to limit it to just my user (and root).

EDIT2: I now saw how the MIT-cookies work but I'm still trying ot figure out the exact lifecycle of X. How does slim show up in my screen if I still haven't logged in but I then end up having the cookie to connect to X? In any case my initial question still stands, why keep the abstract and network socket around?