John: I think we probably need to backport the ORBit2 patch to S10U
since it affects Secure-By-Default requirements.
Attached patch resolves Secure By Default Requirements. I think the
ChangeLog entry explains it:
2007-04-04 Brian Cameron <brian.cameron at sun.com>
* base-specs/ORBit2.spec, patches/ORBit2-01-secureports.diff: Make
sure to bind the socket when using IPv4 and IPv6 since this is
needed for Secure-By-Default requirements to be met. Without this
when you run "netstat -a" you see that all the GNOME sockets are
listening wide open on the internet even when ORBLocalOnly=1 in
/etc/orbitrc. After this change, you see that the ports are
listed properly with "localhost.####" in the "Local Address" column.
This indicates Secure By Default is working.
* patches/gdm-10-desktop.diff: Fix gdmflexiserver-xnest desktop
file so the label says "New Login in a Window" rather than
"New Login in a Nested Window" to match UI spec.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: orbit-secure.diff
Type: text/x-patch
Size: 3562 bytes
Desc: not available
URL:
<http://mail.opensolaris.org/pipermail/jds-review/attachments/20070404/e77082d5/attachment.bin>
