Re: X Security Issues?
Quoting Edward Guldemond (thedebategod@yifan.net):
> In /etc/X11/xinit/xserverrc, I have the following line:
> exec /usr/bin/X11/X -dpi 100 -nolisten tcp
>
> So why is X still listening on TCP?
Because xdm/kdm/gdm don't heed /etc/X11/xinit/xserverrc, but rather
/etc/X11/xdm/Xservers ?
>> When this is your firewall, you might consider stopping X11 and not
>> using this as a desktop machine at all. Every program running and
>> every tool installed, might be used by an attacker against you.
>
> I realize that, however, since both machines are needed for work, I
> don't really have a choice.
It's not obvious why this necessitates an X11 server on the firewall.
In the unlikely event that you need to run an X11 application from
it, do "ssh -X firewallhost" and image the X11 app onto your
non-firewall workstation.
But suit yourself.
--
Cheers, "Get the facts first. You can distort them later."
Rick Moen -- Mark Twain
rick@linuxmafia.com
Reply to: