RE: wdm & security

To: "Ed Street" <blacknet@phenixcable.net>
Cc: "Noah L. Meyerhans" <frodo@morgul.net>, "Debian Security List" <debian-security@lists.debian.org>
Subject: RE: wdm & security
From: Steve <tarka@zip.com.au>
Date: Fri, 25 May 2001 18:00:09 +1000
Message-id: <15118.4361.328029.557528@colderidge.tarka.org>
In-reply-to: <GCEGLPFGDCACHENIJHDDIEPNCCAA.blacknet@phenixcable.net>
References: <20010524104728.B12816@morgul.net> <GCEGLPFGDCACHENIJHDDIEPNCCAA.blacknet@phenixcable.net>

"Ed" == Ed Street <blacknet@phenixcable.net> writes:
> Hello, If memory serves me correctly there's a line in /etc/X11 that
> you can add/modify to tell it to NOT lissen.

  startx -- -nolisten tcp

will have the effect.  However, there doesn't seem to be a global
setting that will enforce it system-wide, short of aliasing startx to
that command.

When some X11 vulnerabilities were found in this area last year, the
reporter suggested that desktop installs of X11 systems should enable
this option as default.  This would be nice to see added to debian, if
only as part of the perennially-discussed task-harden.  Doesn't even
effect remote xsessions, as you should be using ssh to tunnel your
sessions anyway.

Steve

Reply to:

Follow-Ups:
- RE: wdm & security
  - From: John Galt <galt@inconnu.isu.edu>
- RE: wdm & security
  - From: Juha Jäykkä <juolja@utu.fi>

References:
- Re: wdm & security
  - From: "Noah L. Meyerhans" <frodo@morgul.net>
- RE: wdm & security
  - From: "Ed Street" <blacknet@phenixcable.net>

Prev by Date: Re: Problem with logging firewall packets
Next by Date: Re: strange log entry
Previous by thread: RE: wdm & security
Next by thread: RE: wdm & security
Index(es):
- Date
- Thread