Re: X Security Issues?

[Olaf Dietsche <olaf.dietsche#list.debian-security@t-online.de>]

Edward Guldemond <thedebategod@yifan.net> writes:

> Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
> Interesting ports on (removed) (XX.XX.XXX.XX):
> (The 1552 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 1024/tcp   open        kdm
[...]
> Port       State       Service
> 22/tcp     open        ssh
[...]
> Port       State       Service
> 22/tcp     open        ssh
> 6000/tcp   open        X11

You can see open ports with "netstat -atuw", too.

> Now, is there any security implications of having this port open?  (I
> am nmap'ing this box's external Internet interface as it is my ipmasq
> box.)  If so, what files do I have to edit to get rid of it?  I don't
> need X listening on this interface.

This depends on the startup method (and maybe distribution), as you
already noticed. With xdm (and debian) it is /etc/X11/xdm/Xservers.
With xinit it is /etc/X11/xinit/xserverrc.

Look at "man xinit" and "man Xserver". There you will find an option
"-nolisten".

When this is your firewall, you might consider stopping X11 and not
using this as a desktop machine at all. Every program running and
every tool installed, might be used by an attacker against you.

Regards, Olaf.