Originally Posted by Wikipedia
The server and some of the default applications are patched for privilege separation and other enhancements, and OpenBSD provides an "aperture" driver to limit X's access to memory. However, after recent work on X security flaws by Loïc Duflot, Theo de Raadt commented that the aperture driver was merely "the best we can do" and that X "violates all the security models you will hear of in a university class.
Hello I'm new here. Anyway, I was looking at this wondering basically, how good is "the best we can do" in a practical sense? Are there better alternatives to run on OpenBSD or should I just not use anything like that at all?