Re: X & tcp listening
On Fri, Jun 01, 2001 at 10:25:24PM +0200, Tomasz Olszewski wrote:
> OK, I mentioned both startx and xinit but when I was talking about
> ignoring the global xinitrc I reffered to xinit (because startx was
> already not a problem).
Oh ok.
P.S. if you do modify the startx script it will be over-written on
upgrades as I mentioned in another message, or, you can use dpkg-divert
as another poster has suggested.
> Who will guarantee that the an user will use an alias ;)?
Right -- but then we come back to the part about "what is preventing
them from opening any tcp port.. or running X directly.. etc.." :)
Fwiw, stateful filtering (don't allow anything in that is not part of an
outbound connection), or filtering out syn packets (ipchains with -y),
or using a restricted shell with a wisely-chosen and prepared $PATH
would get you out of this bind.
Or all of the above. ;)
Reply to: