From owner-freebsd-security Wed Mar 21 9:57:19 2001 Delivered-To: freebsd-security@freebsd.org Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id 3217E37B73F for ; Wed, 21 Mar 2001 09:57:16 -0800 (PST) (envelope-from d.m.pick@qmw.ac.uk) Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.16 #1) id 14fmoy-0005yg-00 for security@freebsd.org; Wed, 21 Mar 2001 17:54:56 +0000 Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1) for security@freebsd.org id 14fmoz-0001CG-00; Wed, 21 Mar 2001 17:54:57 +0000 X-Mailer: exmh version 2.0.2 2/24/98 To: security@freebsd.org Subject: Re: Disabling xhost(1) Access Control In-reply-to: Your message of "Wed, 21 Mar 2001 19:14:54 +0300." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 21 Mar 2001 17:54:57 +0000 From: David Pick Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I also think about disabling xhost and wonder which solution have you > chosen -- modifying Xserver source offered later in the thread? Actually, > "-nolisten tcp" is a nice idea, but I would like X to run from the server > on all "Xterminals", and of course "X -query" fails that way... I actually run two copies of "xdm": one (with "-nolisten tcp") for the local display which also has the XDMCP port set to zero to disable remore X displays using XDMCP; and the other copy of "xdm" with no X servers at all, just listening for XDMCP on port 177. Makes it much easier to control the availability of XMDCP without editing files as such. I use this on a laptop which wants just the local display in most connections, but I want to allow the use of an X terminal when I'm at home with a trusted desktop and 17" monitor. -- David Pick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message