On Sat, Apr 27, 2002 at 01:48:07PM +0300, Tzafrir Cohen wrote:
> On Sat, 27 Apr 2002, Eliran wrote:
> 
> > On Sat, Apr 27, 2002 at 12:41:45PM +0300, Yotam Rubin wrote:
> > > On Sat, Apr 27, 2002 at 12:27:37PM +0300, Eliran wrote:
> > >
> > > > So how do I block the X port, or just not LISTEN?
> 
> First of all, the default configuration of X on Linux is that any X client
> that tries to connect to the X server has to know a "cookie". This is a
> 128-bit random value that is normally a random value generated on the
> startup of the X server. So if all goes well nobody from the internet will
> be able to connect to your X server even if it is listening on port 6000
> and this port is available for the whole internet.
> 
> Things that can go wrong:
> 
> 1. you ran something silly like:
> 
>   xhost +
> 
>   (xhost is bad, use xauth unless you really know what you're doing, or
>   use ssh's X forwarding)
> 
> 2. The X server has some sort of bug that allows an unauthorized client
>    to do more than intended. XFree 3.3.3 had something like this, IIRC.
>    There can always be another one.
> 
> 3. An open port is always a call for some sort of DoS attack

So that means I shouldn't worry? I run Xfree 4, and I am sure not interested in
letting others connect to my X server...

> 
> > >
> > > Essentially, you invoke X with -nolisten tcp. On my Debian system,
> > > /etc/X11/xinit/xserverrc is used by the startx script to launch
> > > the server. In addition to standard arguments, it should have
> > > -nolisten tcp in there.
> >
> > I run RedHat 7.1; in /etc/X11/xinit/ I have:
> >
> > -rwxr-xr-x  1 root     root         2029 Mar 20  2001 Xclients
> > -rwxr-xr-x  1 root     root         1953 Mar 20  2001 xinitrc
> > drwxr-xr-x  2 root     root         4096 Feb 24 21:38 xinitrc.d
> >
> > and xinitrc.d contains: xinput
> >
> > The files only contain information about the Window Managers and
> > nothing about the X server. BTW, they are all shell scripts for bash/sh.
> 
> See startx (/usr/X11R6/bin/startx ), which is a shell script as well, and
> is responsible for adding extra client and generally calls xinit(1) with
> some extra arguments.
> 
> -- 
> Tzafrir Cohen
> mailto:[EMAIL PROTECTED]
> http://www.technion.ac.il/~tzafrir
> 
> 
> 

-- 
                Eliran (http://eg-site.tripod.com)

Where rights secured by the Constitution are involved, there can be no
rule making or legislation which would abrogate them.
        -- Miranda vs. Arizona, 384 US 436 p. 491
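
The check discussed in this thread (is the X server started with -nolisten tcp, and is anything listening on port 6000), as an added example that is not part of the original messages. The function names, the 6000-6063 port range (6000 plus display number) and the sample netstat text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit X server TCP exposure from a command line and
# `netstat -ltn`-style output. All sample data below is constructed.

# Return 0 if the X server command line ($1) contains "-nolisten tcp".
has_nolisten_tcp() {
    found=1
    prev=""
    set -f                      # no glob expansion while word-splitting $1
    for arg in $1; do
        if [ "$prev" = "-nolisten" ] && [ "$arg" = "tcp" ]; then
            found=0
        fi
        prev=$arg
    done
    set +f
    return $found
}

# Read `netstat -ltn`-style text on stdin; print X display ports
# (assumed range 6000-6063) that are in LISTEN state, sorted, unique.
x_listen_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, a, ":"); p = a[n] + 0
             if (p >= 6000 && p <= 6063) print p
         }' | sort -un
}

# Verdict for one server: $1 = command line, $2 = display number,
# netstat text on stdin.
x_tcp_verdict() {
    port=$((6000 + $2))
    if x_listen_ports | grep -qx "$port"; then
        echo "LISTENING on tcp/$port"
    elif has_nolisten_tcp "$1"; then
        echo "not listening (-nolisten tcp set)"
    else
        echo "not listening, but -nolisten tcp missing"
    fi
}

# Constructed sample: one sshd socket, two X sockets, one established session.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:6000    0.0.0.0:*        LISTEN
tcp6       0      0 :::6001         :::*             LISTEN
tcp        0      0 10.0.0.5:6000   10.0.0.9:41234   ESTABLISHED'

printf '%s\n' "$SAMPLE_NETSTAT" | x_tcp_verdict "X :0 -auth /root/.Xauthority" 0
```

On a live system, pipe the output of `netstat -ltn` into `x_listen_ports` and pass the server's command line from `ps` to `has_nolisten_tcp`.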
