[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wdm & security



On Thu, May 24, 2001 at 01:53:46PM +0300, Juha Jäykkä wrote:
>   I am a little concerned about XFree86+wdm keeping a bunch of
> processes listening on port 32768. (wdm is the windowmaker xdm

Hi.  I am the wdm maintainer for Debian.  I haven't been maintaining
this package for too long, and I'm not sure why it listens on port
32768.  I am going to look in to it, because it doesn't seem necessary
to me.  If I find that it is something that can safely be turned off (or
if it's a bug) I will fix it for the next upload.

Interestingly enough, a quick find/grep traversal of the wdm source
indicates that the only code for setting up network listeners comes
directly from the xdm sources without modification at all.  That implies
to me that the listener on port 32768 should be as safe as the standard
xdm listener on port 6000.  But I still don't see why it's there.

> this. Should I trash wdm or what? It's a little sad thing to do since
> it allows me to choose a window manager at login time, something xdm
> does not do (at least didn't last time I checked).

I would not trash wdm just yet.  Let me take a look.  If you're
concerned, you might want to firewall that port using ipchains or
iptables.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpkC2yrXJ3B6.pgp
Description: PGP signature


Reply to: