From owner-freebsd-hackers Fri Oct 25 10: 1:34 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7002537B404 for ; Fri, 25 Oct 2002 10:01:31 -0700 (PDT) Received: from pop3.psconsult.nl (ps226.psconsult.nl [193.67.147.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id DFFAB43E75 for ; Fri, 25 Oct 2002 10:01:24 -0700 (PDT) (envelope-from paul@pop3.psconsult.nl) Received: (from paul@localhost) by pop3.psconsult.nl (8.9.2/8.9.2) id TAA18862; Fri, 25 Oct 2002 19:01:18 +0200 (CEST) (envelope-from paul) Date: Fri, 25 Oct 2002 19:01:17 +0200 From: Paul Schenkeveld To: "Brandon D. Valentine" Cc: FreeBSD Hackers List Subject: Re: X11 display problem Message-ID: <20021025190117.A18778@psconsult.nl> References: <20021025114346.P277-100000@taran.dhcp.mc.vanderbilt.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20021025114346.P277-100000@taran.dhcp.mc.vanderbilt.edu>; from bandix@geekpunk.net on Fri, Oct 25, 2002 at 11:57:59AM -0500 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, Oct 25, 2002 at 11:57:59AM -0500, Brandon D. Valentine wrote: > On Fri, 25 Oct 2002, John Baldwin wrote: > > > Would be nice if there could be a 'WITH_TCP' or some such option for > > the port to enable normal behavior for those people who aren't super > > paranoid. Having an uber-secure box doesn't do you any good if you > > can't use it to get actual work done. > > Word. > > I'm not near my FreeBSD machines at this moment but this weekend I'll > hack up the necessary patch if nobody else bothers. Probably better to > call it something less ambigious like X11_LISTEN_TCP or similar so those > who want to put it in make.conf don't incur namespace ambiguity and > possible collision with other ports that might use similar make > variables with different semantic meaning. WITH_TCP doesn't have the > same sort of global meaning that WITH_GNOME does. May I suggest WITH_STARTX_TCP ? > The other option is to do away with the insecurity of listen_tcp by > teaching OpenSSH how to setup X11 forwarding using unix domain sockets. > See this message for details: > > http://lists.debian.org/debian-user/2000/debian-user-200002/msg00109.html > > This is probably the most worthwhile and secure avenue. To be perfectly > honest I'm wondering why I still have yet to notice support for it in > OpenSSH. > > Brandon D. Valentine > -- > http://www.geekpunk.net bandix@geekpunk.net > ++[>++++++<-]>[<++++++>-]<.>++++[>+++++<-]>[<+++++>-]<+.+++++++..++ > +.>>+++++[<++++++>-]<++.<<+++++++++++++++.>.+++.------.--------.>+. My $0.02 -- Paul Schenkeveld To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message