[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: X Security Issues?



On Wed, Nov 20, 2002 at 12:53:27AM +0100, Olaf Dietsche wrote:
> > Now, is there any security implications of having this port open?  (I
> > am nmap'ing this box's external Internet interface as it is my ipmasq
> > box.)  If so, what files do I have to edit to get rid of it?  I don't
> > need X listening on this interface.
> 
> This depends on the startup method (and maybe distribution), as you
> already noticed. With xdm (and debian) it is /etc/X11/xdm/Xservers.
> With xinit it is /etc/X11/xinit/xserverrc.
> 
> Look at "man xinit" and "man Xserver". There you will find an option
> "-nolisten".

In /etc/X11/xinit/xserverrc, I have the following line:
exec /usr/bin/X11/X -dpi 100 -nolisten tcp

So why is X still listening on TCP?

> When this is your firewall, you might consider stopping X11 and not
> using this as a desktop machine at all. Every program running and
> every tool installed, might be used by an attacker against you.

I realize that, however, since both machines are needed for work, I
don't really have a choice.  Thanks for your help though.

-- 
------------------------------------------
Edward Guldemond

GPG Key: 0x4E505B0F
Key fingerprint:  4CAC 6740 C1CD 3CE4 6CA0
                  34E9 B3B7 18EC 4E50 5B0F

Attachment: pgprufZiMA01z.pgp
Description: PGP signature


Reply to: