Re: X server security enhancement (?): "-nolisten tcp"
And thus spake Amos Shapira, on Sun, Nov 22, 1998 at 09:56:42PM +0200:
> Hello,
>
> At least in my case, my desktop machine's X server shouldn't interest
> anyone else on the Internet (I login to it remotely sometimes, using
> ssh, and I access its resident web pages, but I never had to use an X
> application from outside my machine), and I suspect that most people's
> servers might be the same. Would you consider to add a "-nolisten
> tcp" flag as a default configuration?
>
> When I previously suggested to disable rsh/rexec/rlogin/finger and
> their likes as default services my suggestion was shot down by the
> claim that these are essential for people to troubleshoot their
> servers remotely, does anyone think this argument is valid for X as
> well?
Since debian ships out of the box with proper xauth configuration, I
don't think we should have such a non-standard default - an easy way
for novices to add that to the configuration might be useful, though.
--
Elie Rosenblum That is not dead which can eternal lie,
http://www.cosanostra.net And with strange aeons even death may die.
Admin / Mercenary / System Programmer - _The Necromicon_
Reply to: