The shell has an option for automatically granting programs access to the X11 Window System. When this is switched on, a command such as:
xpdf foo.pdf
is equivalent to:
xpdf foo.pdf + ~/.Xauthority => /tmp/.X11-unix
This option is switched off by default because X11 is not secure! X servers provide no isolation between the clients connected to them. One client can read keyboard input that goes to other clients, grab the screen's contents, and feed events to other clients, including keypress events. So potentially, an X client can gain the full authority of the user.
The solution to this will be to write a proxy, through which an X client will connect to the X server, which will prevent it from interfering with other X clients.
How to switch on this option (short version):
Either: From the shell, enter:
plash-opts /x=options 'enable_x11' 'on'
Or: To enable it for all shell sessions, you can create a file "~/.plashrc" file containing this (note the semicolon):
plash-opts /x=options 'enable_x11' 'on';
and start the Plash shell with the command:
plash --rcfile ~/.plashrc
(In order to make it as predictable as possible, Plash doesn't read any options files by default, so you have to specify options files explicitly.)