
Re: Release-critical Bugreport for November 26, 1999



On Mon, Nov 29, 1999 at 10:53:13PM -0800, Ryan Murray wrote:
> gdm has had XDMCP listening enabled by default.  I'm wondering if we
> should make it default to off again, and people who need XDMCP will
> have to turn it on themselves?  Or perhaps I should debconfize gdm so
> that this setting is saved, with the default being off?  Currently GDM
> is supposed to start up server :1 on the first available VT.

Whatever you do, please ensure that gdm ships with XDMCP listening off by
default.  It has been pointed out that any buffer overruns or similar
vulnerabilities are much easier to exploit remotely if you've got a TCP
port leading to them.  That's why I turned it off in xdm a while back.

> I'm thinking that disabling XDMCP in every dm is better for a default,
> myself.

I agree.

> People wanting to serve XDMCP will probably know they need to set it up,
> and people who don't know about it and just want X running, won't have
> the extra port opened to the world.

Exactly.

> gdm and xdm could race for VT7 with both installed, however.  We could
> force gdm to a certain VT (i.e., 8), but that has already been done and it
> was found that people have extra gettys already running there.

This is not an easy problem to solve.  Bugs were outstanding for years
against xdm because it would get in fights with getty over VT2.  (On fast
machines, xdm would manage to start before getty got its own paws on VT's 2
through 6).

/etc/inittab is of course the right place to put things that want to tie
themselves to VT's.  We should either migrate the display managers to using
it, or come up with a way to stick "placeholders" on particular VT's that
yield when a particular process wants them.

-- 
G. Branden Robinson              |   Men use thought only to justify their
Debian GNU/Linux                 |   wrong doings, and speech only to conceal
branden@ecn.purdue.edu           |   their thoughts.
cartoon.ecn.purdue.edu/~branden/ |   -- Voltaire
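
An added example, not part of the original message: a small audit that reads the text of an xdm-config and a gdm.conf and reports whether either display manager would open an XDMCP listener (UDP port 177 by default). The sample file contents are constructed; it assumes xdm's `DisplayManager.requestPort` resource (0 disables listening, unset means 177) and gdm's `[xdmcp]` `Enable` key.

```python
import configparser
import re

# Constructed sample configs (not taken from any real system).
XDM_CONFIG = """\
! xdm-config (constructed sample)
DisplayManager.errorLogFile: /var/log/xdm.log
! SECURITY: do not listen for XDMCP or Chooser requests
DisplayManager.requestPort: 0
"""

GDM_CONF = """\
# gdm.conf (constructed sample)
[daemon]
User=gdm

[xdmcp]
Enable=true
Port=177
"""

_REQ_PORT = re.compile(r"^\s*DisplayManager[.*]requestPort\s*:\s*(\d+)\s*$", re.M)

def xdm_listens(text):
    """True if xdm would listen for XDMCP. An unset requestPort means 177."""
    # '!' starts a comment in X resource files, so drop those lines first.
    active = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    ports = _REQ_PORT.findall(active)
    return int(ports[-1]) != 0 if ports else True

def gdm_listens(text):
    """True/False from [xdmcp] Enable; None when the key is absent and the
    package's built-in default applies."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    if not cp.has_option("xdmcp", "Enable"):
        return None
    return cp.getboolean("xdmcp", "Enable")

def audit(xdm_text, gdm_text):
    """Return one finding per display manager that is not explicitly off."""
    findings = []
    if xdm_listens(xdm_text):
        findings.append("xdm: XDMCP listener enabled")
    g = gdm_listens(gdm_text)
    if g is None:
        findings.append("gdm: [xdmcp] Enable not set, built-in default applies")
    elif g:
        findings.append("gdm: XDMCP listener enabled")
    return findings
```

An empty list from `audit()` means both configurations explicitly keep XDMCP off.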
