xinit/startx should set DISPLAY=unix/:0 rather than just :0
Submitted by Josh Triplett
Assigned to Xorg Project Team
Description
When xinit/startx starts an X server that listens only on UNIX socket, not TCP, it should set DISPLAY=unix/:0 (or unix/:N in general) rather than DISPLAY=:0. That will prevent applications from ever falling back to TCP if the UNIX socket connection fails (such as with the X server stopped or crashed).
Doing so prevents several kinds of problems. In particular, if an application uses seccomp, pledge, or similar to lock itself down and prevent access to AF_INET sockets, the fallback would hit that and kill the application, preventing it from gracefully handling connection failure. (We received a report of this on the XCB list from a BSD developer.) For that matter, since unprivileged users can listen on port 6000, this would avoid connecting to an unexpected different server (perhaps run from a different sandbox/container).