RE: wdm & security
If memory serves me correctly there's a line in /etc/X11 that you can
add/modify to tell it to NOT lissen.
From: Noah L. Meyerhans [mailto:email@example.com]
Sent: Thursday, May 24, 2001 10:47 AM
To: Debian Security List
Subject: Re: wdm & security
On Thu, May 24, 2001 at 01:53:46PM +0300, Juha Jäykkä wrote:
> I am a little concerned about XFree86+wdm keeping a bunch of
> processes listening on port 32768. (wdm is the windowmaker xdm
Hi. I am the wdm maintainer for Debian. I haven't been maintaining
this package for too long, and I'm not sure why it listens on port
32768. I am going to look in to it, because it doesn't seem necessary
to me. If I find that it is something that can safely be turned off (or
if it's a bug) I will fix it for the next upload.
Interestingly enough, a quick find/grep traversal of the wdm source
indicates that the only code for setting up network listeners comes
directly from the xdm sources without modification at all. That implies
to me that the listener on port 32768 should be as safe as the standard
xdm listener on port 6000. But I still don't see why it's there.
> this. Should I trash wdm or what? It's a little sad thing to do since
> it allows me to choose a window manager at login time, something xdm
> does not do (at least didn't last time I checked).
I would not trash wdm just yet. Let me take a look. If you're
concerned, you might want to firewall that port using ipchains or
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html