RE: wdm & security
On Fri, 25 May 2001, Steve wrote:
>"Ed" == Ed Street <blacknet@phenixcable.net> writes:
>> Hello, If memory serves me correctly there's a line in /etc/X11 that
>> you can add/modify to tell it to NOT lissen.
>
> startx -- -nolisten tcp
>
>will have the effect. However, there doesn't seem to be a global
>setting that will enforce it system-wide, short of aliasing startx to
>that command.
>
>When some X11 vulnerabilities were found in this area last year, the
>reporter suggested that desktop installs of X11 systems should enable
>this option as default. This would be nice to see added to debian, if
>only as part of the perennially-discussed task-harden. Doesn't even
>effect remote xsessions, as you should be using ssh to tunnel your
>sessions anyway.
You don't read the debconf warnings much, do you? xserver-* has been
warning potential installers that it doesn't listen on TCP for about a
year now if memory serves...
>Steve
>
>
>--
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
You have paid nothing for the preceding, therefore it's worth every penny
you've paid for it: if you did pay for it, might I remind you of the
immortal words of Phineas Taylor Barnum regarding fools and money?
Who is John Galt? galt@inconnu.isu.edu, that's who!
Reply to: