X server security enhancement (?): "-nolisten tcp"
At least in my case, my desktop machine's X server shouldn't interest
anyone else on the Internet (I login to it remotely sometimes, using
ssh, and I access its resident web pages, but I never had to use an X
application from outside my machine), and I suspect that most people's
servers might be the same. Would you consider to add a "-nolisten
tcp" flag as a default configuration?
When I previously suggested to disable rsh/rexec/rlogin/finger and
their likes as default services my suggestion was shot down by the
claim that these are essential for people to troubleshoot their
servers remotely, does anyone think this argument is valid for X as
--Amos Shapira | "Of course Australia was marked for
133 Shlomo Ben-Yosef st. | glory, for its people had been chosen
Jerusalem 93 805 | by the finest judges in England."
ISRAEL email@example.com | -- Anonymous