[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: X server security enhancement (?): "-nolisten tcp"

And thus spake Amos Shapira, on Sun, Nov 22, 1998 at 09:56:42PM +0200:
> Hello,
> At least in my case, my desktop machine's X server shouldn't interest
> anyone else on the Internet (I login to it remotely sometimes, using
> ssh, and I access its resident web pages, but I never had to use an X
> application from outside my machine), and I suspect that most people's
> servers might be the same.  Would you consider to add a "-nolisten
> tcp" flag as a default configuration?
> When I previously suggested to disable rsh/rexec/rlogin/finger and
> their likes as default services my suggestion was shot down by the
> claim that these are essential for people to troubleshoot their
> servers remotely, does anyone think this argument is valid for X as
> well?

Since debian ships out of the box with proper xauth configuration, I
don't think we should have such a non-standard default - an easy way
for novices to add that to the configuration might be useful, though.

Elie Rosenblum                 That is not dead which can eternal lie,
http://www.cosanostra.net   And with strange aeons even death may die.
Admin / Mercenary / System Programmer               - _The Necromicon_

Reply to: