Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Nov 2010 19:30:02 +0100
From:      Roland Smith <rsmith@xs4all.nl>
To:        Logan Moore <logan@xentac.com>
Cc:        freebsd-x11@freebsd.org
Subject:   Re: Using XOrg on a FreeBSD Server
Message-ID:  <20101116183002.GA48067@slackbox.erewhon.net>
In-Reply-To: <AANLkTikJPBv4%2BxQ80R_cfE6i7o0dRKnP7Wm4-Ojwij_j@mail.gmail.com>
References:  <AANLkTikJPBv4%2BxQ80R_cfE6i7o0dRKnP7Wm4-Ojwij_j@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
On Tue, Nov 16, 2010 at 07:14:35PM +1300, Logan Moore wrote:
> I'm looking for some advice from some of the pro's here.
> 
> I've set up FreeBSD on one of my servers, and I have a nice 24" 1920x1200
> monitor plugged into it. 

Does it have a decent video card that is supported by Xorg and can actually
drive it?

> It seems a shame to be  wasting such a decent
> monitor on a simple black and white terminal, so I've been contemplating
> installing XOrg on the server to get a bit of extra functionality from the
> terminals. I'm not thinking KDE or Gnome... just a simple window manager
> like one of the *box's or even just straight up xdm running terminals and
> maybe some basic GUI tools like a text editor/file manager.

Be aware that the modular Xorg consists of a lot of ports. A quick & dirty count
('pkg_info -rx xorg- | grep Dependency|sort|uniq|wc -l') gives 139 ports
required by xorg.

> Should I be concerned about any security implications from using XOrg?

Xorg requires write access to /dev/mem and /dev/io, which doesn't work if you
are running in secure mode (kern.securelevel > 1). I think it will work if you
raise the securelevel after starting X. But you cannot restart X.

Also, x-terminals like xterm or urxvt are usually installed setuid root.

By default, Xorg also listens for network connections. You can disable this by
adding the '-nolisten tcp' option to the X server arguments, e.g. use 'startx
-- -nolisten tcp'.

> Are there any reasons why I definitely should avoid installing XOrg?

Depends on how paranoid you are, I guess. :-) One could take the position that
every added application is a possible security hole, and that a server should
only have the applications and libraries required for its tasks installed.

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (FreeBSD)

iEYEARECAAYFAkzizaoACgkQEnfvsMMhpyWswACcCOjrSna1y1JRgCQRw2wI0DH+
9YAAnA+YZtBnqLvL7qMTAMP8bOFE2S0b
=fdNi
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101116183002.GA48067>