Re: Hamm Bug Stamp-Out List now on www
Branden Robinson <email@example.com> wrote:
> On Wed, Jul 08, 1998 at 01:57:40PM -0400, Raul Miller wrote:
> > Hmm... I'm puzzling over bugs 22877 and 22878.
> > First, that xdm leaves the socket open is a bug, but it isn't a
> > release-critical bug. Applications that don't know about the socket
> > (that is, everthing but xbase) will, in general, ignore it entirely.
> > Second, that xbase has the socket open is a security bug, simply because
> > it's an undocumented service (XDMCP is documented as using UDP port 177,
> > so it can't be that).
> Well, I'd say that "second" overrides "first". Because it's a security
> bug, it's a bug in general. And security bugs are always of severity
> important or greater.
I've looked at this a bit more.
xdm opens two sockets, a udp socket (port 177) for xdmcp, and a tcp
socket (random port) for the chooser. This happens in socket.c in
I believe that the XDMCP protocol is used to advertise whatever port
It looks like a call to DestroyWellKnownSockets() should be added
to CleanUpChild in xdm's util.c -- that takes care of the initial
I chouldn't find much documentation on the chooser -- why it needed
xdm to listen to some random port. The best documentation I could
find was the xdm man page, and it didn't say much on the topic of
non-local choosers. My guess is that this was written this way
because some operating systems don't have pipes, and this code
was written to be portable to very sludgy systems.
Looking at the source, in choose.c there's ProcessChooserSocket
which seems to be the only thing that deals with traffic on
this socket. It pulls some address information out and calls
RegisterIndirectChoice... I suppose I could delve further, but
since maybe my time would be better spent grepping through
the x books...
Does any of this ring a bell? Am I completely wasting my time?
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com