[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: wdm & security

"Ed" == Ed Street <blacknet@phenixcable.net> writes:
> Hello, If memory serves me correctly there's a line in /etc/X11 that
> you can add/modify to tell it to NOT lissen.

  startx -- -nolisten tcp

will have the effect.  However, there doesn't seem to be a global
setting that will enforce it system-wide, short of aliasing startx to
that command.

When some X11 vulnerabilities were found in this area last year, the
reporter suggested that desktop installs of X11 systems should enable
this option as default.  This would be nice to see added to debian, if
only as part of the perennially-discussed task-harden.  Doesn't even
effect remote xsessions, as you should be using ssh to tunnel your
sessions anyway.


Reply to: