Date: Mon, 27 Oct 2003 18:00:42 -0800 (PST) From: Jason Stone <freebsd-security@dfmm.org> To: Wolfgang Kess <bsdlist@kess.ch> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: How to disable XFree86 and wdm listening ports Message-ID: <20031027175709.C38023@walter> In-Reply-To: <Pine.LNX.4.58.0310272032170.533@ragrecevfr.fsrat.fbheprsver.pbz> References: <20031027211512.GA14467@stinky.trash.net> <Pine.LNX.4.58.0310272032170.533@ragrecevfr.fsrat.fbheprsver.pbz>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > For gdm, the process is similar the line to start the X server is in > gdm.conf and would look like command=/usr/X11R6/bin/X -nolisten tcp. If you think that you might someday invoke X with a different display manager, you might consider replacing /usr/X11R6/bin/X with a shell script that calls "X.real -nolisten tcp" - this would make all methods of starting X not use the tcp port. On the other hand, you'll have to remember to maintain it when you upgrade. Also, it's probably a good idea to firewall of that port as well - defense in depth and all that. -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE/nc3KswXMWWtptckRAmsQAKDxtRh8bGXweESE9NdUnEjdZ2DyQgCguft3 fN08dEO9gEEudzWWuQJYSkY= =a1Up -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031027175709.C38023>