From owner-freebsd-hackers  Fri Oct 25  7:42:51 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1E47C37B404
	for <freebsd-hackers@FreeBSD.ORG>; Fri, 25 Oct 2002 07:42:50 -0700 (PDT)
Received: from mail.speakeasy.net (mail14.speakeasy.net [216.254.0.214])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A751C43E4A
	for <freebsd-hackers@FreeBSD.ORG>; Fri, 25 Oct 2002 07:42:49 -0700 (PDT)
	(envelope-from jhb@FreeBSD.org)
Received: (qmail 29091 invoked from network); 25 Oct 2002 14:42:52 -0000
Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63])
          (envelope-sender <jhb@FreeBSD.org>)
          by mail14.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for <freebsd-hackers@FreeBSD.ORG>; 25 Oct 2002 14:42:52 -0000
Received: from laptop.baldwin.cx (gw1.twc.weather.com [216.133.140.1])
	by server.baldwin.cx (8.12.6/8.12.6) with ESMTP id g9PEgln5075146;
	Fri, 25 Oct 2002 10:42:48 -0400 (EDT)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <XFMail.20021025104252.jhb@FreeBSD.org>
X-Mailer: XFMail 1.5.2 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20021025083029.GA723@happy-idiot-talk.infracaninophi>
Date: Fri, 25 Oct 2002 10:42:52 -0400 (EDT)
From: John Baldwin <jhb@FreeBSD.org>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Subject: Re: X11 display problem
Cc: FreeBSD Hackers List <freebsd-hackers@FreeBSD.ORG>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


On 25-Oct-2002 Matthew Seaman wrote:
> On Thu, Oct 24, 2002 at 06:52:32PM -0700, Kris Kennaway wrote:
> 
>> --nolisten-tcp was added deliberately for security reasons: see the
>> commit logs (it's also documented clearly at the top of the startx
>> manpage).  It sounds like an oversight that xdm doesn't do this; I've
>> asked the XFree86 maintainer to investigate and make the corresponding
>> change if necessary.
> 
> As in:
> 
> --- /usr/X11R6/lib/X11/xdm/Xservers.orig        Fri Mar 22 18:30:32 2002
> +++ /usr/X11R6/lib/X11/xdm/Xservers     Fri Oct 25 09:23:10 2002
> @@ -10,4 +10,4 @@
>  # look like:
>  #      XTerminalName:0 foreign
>  #
> -:0 local /usr/X11R6/bin/X 
> +:0 local /usr/X11R6/bin/X -nolisten tcp
> 
> A very good move indeed, IMHO.

Would be nice if there could be a 'WITH_TCP' or some such option for
the port to enable normal behavior for those people who aren't super
paranoid.  Having an uber-secure box doesn't do you any good if you
can't use it to get actual work done.

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message