#2519: Xorg-server optional security concern
-------------------------------------+--------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: [email protected]
Type: task | Status: new
Priority: normal | Milestone: future
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------------------+--------------------------------------
Comment (by [EMAIL PROTECTED]):
Suggested text for the book:
By default, the X server (started with the startx command) listens on a
unix-domain socket for local connections and also on TCP port 6000 for
remote connections. Unauthenticated remote TCP connections are rejected by
default, but it is more secure to disable the TCP socket completely, just
in case if a remotely-exploitable bug is found in the future in the code
that checks the authentication cookie. If you wish to do so, create the
/etc/X11/xinit/xserverrc file that is read by the xinit program, and thus
indirectly used by startx:
{{{
cat >/etc/X11/xinit/xserverrc <<"EOF"
#!/bin/sh
exec /usr/bin/X -nolisten tcp
EOF
chmod 755 /etc/X11/xinit/xserverrc
}}}
You can also use the /etc/X11/xinit/xserverrc file to add other default
arguments to the X server command line.
FIXME: explain how to pass the "-nolisten tcp" arguments with gdm, kdm and
xdm.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2519#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page