#2519: Xorg-server optional security concern
-------------------------------------+--------------------------------------
 Reporter:  [EMAIL PROTECTED]  |        Owner:  [email protected]
     Type:  task                     |       Status:  new                       
    
 Priority:  normal                   |    Milestone:  future                    
    
Component:  BOOK                     |      Version:  SVN                       
    
 Severity:  normal                   |   Resolution:                            
    
 Keywords:                           |  
-------------------------------------+--------------------------------------
Comment (by [EMAIL PROTECTED]):

 Suggested text for the book:

 By default, the X server (started with the startx command) listens on a
 unix-domain socket for local connections and also on TCP port 6000 for
 remote connections. Unauthenticated remote TCP connections are rejected by
 default, but it is more secure to disable the TCP socket completely, just
 in case if a remotely-exploitable bug is found in the future in the code
 that checks the authentication cookie. If you wish to do so, create the
 /etc/X11/xinit/xserverrc file that is read by the xinit program, and thus
 indirectly used by startx:

 {{{
 cat >/etc/X11/xinit/xserverrc <<"EOF"
 #!/bin/sh
 exec /usr/bin/X -nolisten tcp
 EOF
 chmod 755 /etc/X11/xinit/xserverrc
 }}}

 You can also use the /etc/X11/xinit/xserverrc file to add other default
 arguments to the X server command line.

 FIXME: explain how to pass the "-nolisten tcp" arguments with gdm, kdm and
 xdm.

-- 
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2519#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to