What prevents you from reading the Xauthority cookie out of disk / an existing process's environment / out of an existing process's memory / etc.? You need a sandbox to prevent it from doing these things, which is certainly doable, but much harder than just opening a new X server.
(On a system without Yama enabled, you can also ptrace any other process running as the same user and run code as it, e.g., using gdb, but lots of desktop-focused Linux distros enable Yama to close this particular approach.)
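A defender-side audit of the three cookie leak paths named above (cookie file on disk, XAUTHORITY in the environment, same-user ptrace), added here as an example and not code from either commenter. It assumes Linux, the kernel's documented `ptrace_scope` values (0 classic, 1 restricted, 2 admin-only, 3 no attach), and the default cookie location `~/.Xauthority`; a file readable by group or other is treated as exposed without checking group membership.

```python
"""Report whether the X cookie leak paths discussed in the thread are open on this host."""
import os
import stat
from typing import Optional

YAMA_PATH = "/proc/sys/kernel/yama/ptrace_scope"

# Meaning of each Yama ptrace_scope value, per Documentation/admin-guide/LSM/Yama.rst.
PTRACE_SCOPE = {
    0: "classic: any process may ptrace any other process of the same uid",
    1: "restricted: only descendants (or PR_SET_PTRACER targets) may be traced",
    2: "admin-only: attaching requires CAP_SYS_PTRACE",
    3: "no attach: ptrace attach is disabled entirely",
}

def same_uid_ptrace_allowed(scope: int) -> bool:
    """True when an unprivileged process can attach to arbitrary same-uid peers."""
    if scope not in PTRACE_SCOPE:
        raise ValueError(f"unknown ptrace_scope value {scope}")
    return scope == 0

def read_ptrace_scope(path: str = YAMA_PATH) -> Optional[int]:
    """Current Yama scope, or None when Yama is not built in or not readable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def cookie_file_exposed(mode: int, owner_uid: int, my_uid: int) -> bool:
    """Could a process running as my_uid read a cookie file with this mode and owner?
    xauth creates ~/.Xauthority as 0600, so only the owner's own processes can read
    it; that same-user case is exactly what the sandbox has to block."""
    if owner_uid == my_uid:
        return bool(mode & stat.S_IRUSR)
    # Conservative: group-readable counts as exposed (group membership not checked).
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def audit() -> dict:
    """Live check of the three leak paths; a value is None when it cannot be determined."""
    scope = read_ptrace_scope()
    xauth = os.environ.get("XAUTHORITY") or os.path.expanduser("~/.Xauthority")
    try:
        st = os.stat(xauth)
        on_disk = cookie_file_exposed(st.st_mode, st.st_uid, os.getuid())
    except OSError:
        on_disk = None
    return {
        "cookie_path_in_env": "XAUTHORITY" in os.environ,
        "cookie_file_readable": on_disk,
        "ptrace_scope": scope,
        "same_uid_ptrace": None if scope is None else same_uid_ptrace_allowed(scope),
    }
```

Run it inside the sandbox you are evaluating: every key should come back False (or None for ptrace_scope when Yama is hidden) before the sandbox is trusted with a shared X session.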
> What prevents you from reading the Xauthority cookie out of disk / an existing process's environment / out of an existing process's memory / etc.?
The sandbox does.
> You need a sandbox to prevent it from doing these things, which is certainly doable, but much harder than just opening a new X server.
Of course. I never said simply running a new X server is sufficient. All I asked is if the sandbox needed to run the program in a separate user account.