[mikedelfino]

Doesn't Xauthority solve this? I thought we could use xauth to generate an unprivileged cookie and launch the program using it. Then it could not meddle with other X clients or even the clipboard.

Of course you should also prevent the program from reading the original privileged Xauthority data. Running it as a different user does the trick.

[vbernat]

Xauthority isn't fine-grained. Once you get a cookie, you haven't any restriction to what you can do with the X server.

[mikedelfino]

We could generate an "untrusted" cookie. This prevents clients using it from meddling with "trusted" clients.

It's not really fine grained and also doesn't prevent untrusted clients from meddling with one another, but seems like a starting point for someone inclined to add more security to X.