Re: X Security Issues?

To: debian-security@lists.debian.org
Subject: Re: X Security Issues?
From: Rick Moen <rick@linuxmafia.com>
Date: Tue, 19 Nov 2002 16:51:03 -0800
Message-id: <[🔎] 20021120005103.GC28592@linuxmafia.com>
In-reply-to: <[🔎] 20021120003139.GA3696@yifan.net>
References: <[🔎] 20021119225938.GA32527@yifan.net> <[🔎] 87n0o5azgo.fsf@goat.bogus.local> <[🔎] 20021120003139.GA3696@yifan.net>

Quoting Edward Guldemond (thedebategod@yifan.net):

> In /etc/X11/xinit/xserverrc, I have the following line:
> exec /usr/bin/X11/X -dpi 100 -nolisten tcp
> 
> So why is X still listening on TCP?

Because xdm/kdm/gdm don't heed /etc/X11/xinit/xserverrc, but rather 
/etc/X11/xdm/Xservers ?

>> When this is your firewall, you might consider stopping X11 and not
>> using this as a desktop machine at all. Every program running and
>> every tool installed, might be used by an attacker against you.
> 
> I realize that, however, since both machines are needed for work, I
> don't really have a choice.

It's not obvious why this necessitates an X11 server on the firewall.
In the unlikely event that you need to run an X11 application from 
it, do "ssh -X firewallhost" and image the X11 app onto your
non-firewall workstation.

But suit yourself.

-- 
Cheers,                     "Get the facts first.  You can distort them later."
Rick Moen                                                     -- Mark Twain
rick@linuxmafia.com

Reply to:

Follow-Ups:
- Re: X Security Issues?
  - From: Edward Guldemond <thedebategod@yifan.net>

References:
- X Security Issues?
  - From: Edward Guldemond <thedebategod@yifan.net>
- Re: X Security Issues?
  - From: Olaf Dietsche <olaf.dietsche#list.debian-security@t-online.de>
- Re: X Security Issues?
  - From: Edward Guldemond <thedebategod@yifan.net>

Prev by Date: Re: X Security Issues?
Next by Date: Re: X Security Issues?
Previous by thread: Re: X Security Issues?
Next by thread: Re: X Security Issues?
Index(es):
- Date
- Thread