On Sat, 27 Apr 2002, Eliran wrote:

> On Sat, Apr 27, 2002 at 12:41:45PM +0300, Yotam Rubin wrote:
> > On Sat, Apr 27, 2002 at 12:27:37PM +0300, Eliran wrote:
> >
> > > So how do I block this the X port or just not LISTENing ?

First of all, the default configuration of X on linux is that any X client that tries to connect to the X server has to know a "cookie". This is a 128-bit random value that is normally a random value generated on the startup of the X server.

So if all goes well nobody from the internet will be able to connect to your X server even if it is listening on port 6000 and this port is available for the whole internet.

Things that can go wrong:

1. you ran something silly like:

     xhost +

   (xhost is bad, use xauth unless you really know what you're doing, or use ssh's X forwarding)

2. The X server has some sort of bug that allows an unauthorized client to do more than intended. XFree 3.3.3 had something like this, IIRC. There can always be another one.

3. An open port is always a call for some sort of DoS attack

> >
> > Essentially, you invoke X with -nolisten tcp. On my Debian system,
> > /etc/X11/xinit/xserverrc is used by the startx script to launch the
> > server. In addition to standard arguments, it should have
> > -nolisten tcp in there.
>
> I run RedHat7.1 in /etc/X11/xinit/ I have:
>
> -rwxr-xr-x 1 root root 2029 Mar 20 2001 Xclients
> -rwxr-xr-x 1 root root 1953 Mar 20 2001 xinitrc
> drwxr-xr-x 2 root root 4096 Feb 24 21:38 xinitrc.d
>
> and xinitrc.d contains: xinput
>
> The files only contain information about the Window Managers and
> nothing about the X server BTW they are all shell scripts for bash/sh.

See startx (/usr/X11R6/bin/startx ), which is a shell script as well, and is responsible for adding extra client and generally calls xinit(1) with some extra arguments.

--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
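
The three conditions raised in this thread (a server started without -nolisten tcp, an X port listening beyond loopback, and access control switched off by "xhost +") can be checked from captured command output. The script below is an added example, not part of the original message or of any poster's setup; the function names, the sample data and the 6000-6063 port range are this example's assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): checks for the X exposures discussed above.
# Each check works on captured text, so it can be run on saved command output.

# Succeeds if an X server command line carries "-nolisten tcp".
has_nolisten_tcp() {
    case " $1 " in
        *" -nolisten tcp "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `netstat -tln` output on stdin and prints every X display port
# (6000 + display number; 6000-6063 is this example's range) that is
# listening on a non-loopback address.
exposed_x_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4; n = split(addr, part, ":"); port = part[n] + 0
        if (port >= 6000 && port <= 6063 &&
            addr !~ /^127\./ && addr !~ /^::1:/) print addr
    }'
}

# Reads `xhost` output on stdin; succeeds if access control is off,
# which is the state "xhost +" leaves the server in.
xhost_wide_open() {
    grep -q '^access control disabled'
}

# Constructed sample input, not captured from a real host.
SAMPLE_CMDLINE='/usr/X11R6/bin/X :0 -auth /root/.Xauthority'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:6000     0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:6010   0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN'
SAMPLE_XHOST='access control disabled, clients can connect from any host'

# Prints one line per finding for the given cmdline, netstat and xhost text.
audit_x() {
    has_nolisten_tcp "$1" || echo "server started without -nolisten tcp"
    printf '%s\n' "$2" | exposed_x_ports | sed 's/^/X port reachable: /'
    if printf '%s\n' "$3" | xhost_wide_open; then
        echo "xhost access control is disabled"
    fi
    return 0
}

audit_x "$SAMPLE_CMDLINE" "$SAMPLE_NETSTAT" "$SAMPLE_XHOST"
```

On a live host the three arguments to audit_x would come from the server's process listing, `netstat -tln` and `xhost` run inside the session; the loopback entry on port 6010 in the sample stands for an ssh-forwarded display and is deliberately not reported.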
