From owner-freebsd-x11@FreeBSD.ORG Tue Nov 16 18:41:07 2010 Return-Path: Delivered-To: freebsd-x11@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9595E10656AA for ; Tue, 16 Nov 2010 18:41:07 +0000 (UTC) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr11.xs4all.nl (smtp-vbr11.xs4all.nl [194.109.24.31]) by mx1.freebsd.org (Postfix) with ESMTP id F110E8FC20 for ; Tue, 16 Nov 2010 18:41:01 +0000 (UTC) Received: from slackbox.erewhon.net (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr11.xs4all.nl (8.13.8/8.13.8) with ESMTP id oAGIU2Q0079832; Tue, 16 Nov 2010 19:30:02 +0100 (CET) (envelope-from rsmith@xs4all.nl) Received: by slackbox.erewhon.net (Postfix, from userid 1001) id 23560BA8B; Tue, 16 Nov 2010 19:30:02 +0100 (CET) Date: Tue, 16 Nov 2010 19:30:02 +0100 From: Roland Smith To: Logan Moore Message-ID: <20101116183002.GA48067@slackbox.erewhon.net> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="UugvWAfsgieZRqgk" Content-Disposition: inline In-Reply-To: X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! User-Agent: Mutt/1.5.21 (2010-09-15) X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-x11@freebsd.org Subject: Re: Using XOrg on a FreeBSD Server X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Nov 2010 18:41:07 -0000 --UugvWAfsgieZRqgk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 16, 2010 at 07:14:35PM +1300, Logan Moore wrote: > I'm looking for some advice from some of the pro's here. >=20 > I've set up FreeBSD on one of my servers, and I have a nice 24" 1920x1200 > monitor plugged into it.=20 Does it have a decent video card that is supported by Xorg and can actually drive it? > It seems a shame to be wasting such a decent > monitor on a simple black and white terminal, so I've been contemplating > installing XOrg on the server to get a bit of extra functionality from the > terminals. I'm not thinking KDE or Gnome... just a simple window manager > like one of the *box's or even just straight up xdm running terminals and > maybe some basic GUI tools like a text editor/file manager. Be aware that the modular Xorg consists of a lot of ports. A quick & dirty = count ('pkg_info -rx xorg- | grep Dependency|sort|uniq|wc -l') gives 139 ports required by xorg. > Should I be concerned about any security implications from using XOrg? Xorg requires write access to /dev/mem and /dev/io, which doesn't work if y= ou are running in secure mode (kern.securelevel > 1). I think it will work if = you raise the securelevel after starting X. But you cannot restart X. Also, x-terminals like xterm or urxvt are usually installed setuid root. By default, Xorg also listens for network connections. You can disable this= by adding the '-nolisten tcp' option to the X server arguments, e.g. use 'star= tx -- -nolisten tcp'. > Are there any reasons why I definitely should avoid installing XOrg? Depends on how paranoid you are, I guess. :-) One could take the position t= hat every added application is a possible security hole, and that a server shou= ld only have the applications and libraries required for its tasks installed. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --UugvWAfsgieZRqgk Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iEYEARECAAYFAkzizaoACgkQEnfvsMMhpyWswACcCOjrSna1y1JRgCQRw2wI0DH+ 9YAAnA+YZtBnqLvL7qMTAMP8bOFE2S0b =fdNi -----END PGP SIGNATURE----- --UugvWAfsgieZRqgk--