Date: Sat, 27 Oct 2001 04:03:59 +0200
From: Jochem Kossen <j.kossen@home.nl>
To: Jean-Marc Zucconi <jmz@FreeBSD.org>
Cc: ports@FreeBSD.org
Subject: Re: x11/XFree86-4: patch to make XFree86-4 a _little_ bit more secure
Message-ID: <20011027040359.A58119@jochem.dyndns.org>
In-Reply-To: <200110261830.f9QIUFa44037@freefall.freebsd.org>; from jmz@FreeBSD.org on Fri, Oct 26, 2001 at 11:30:15AM -0700
References: <20011026155354.A44808@jochem.dyndns.org> <200110261830.f9QIUFa44037@freefall.freebsd.org>
On Fri, Oct 26, 2001 at 11:30:15AM -0700, Jean-Marc Zucconi wrote:
> >>>>> Jochem Kossen writes:
>
> > Hi there,
> > I always hate the fact that when I start X, port 6000 is listening.
> > Attached file patches startx to use X with the '-nolisten tcp' option.
> > My idea behind this is that most people who use X don't need the network
> > options of it, those who do, are wise enough to change it in `which
> > startx`...
> > Secure by default? :)
>
> But then you have to edit and change the script if you want a
> non-secure operation mode. You should add a startx option for starting
> in non-secure mode. And don't forget the patch for the documentation
> change in the man page! :-)
>
> Jean-Marc
>
> --
> Jean-Marc Zucconi -- PGP Key: finger jmz@FreeBSD.org [KeyID: 400B38E9]

I agree, an option to startx to use non-secure mode is better.

So, here are two different patches, one for programs/xinit/startx.cpp and
one for programs/xinit/startx.man. (They are against XFree86-4.1.0_9.)

It will add the option '-listen_tcp' to startx, so 'startx' will start X
secure, 'startx -listen_tcp' will start X non-secure.

Jochem

--
Fortune cookie says: Two percent of zero is almost nothing.

--gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=patch-startx --- programs/xinit/startx.cpp.orig Fri Apr 27 13:04:53 2001 +++ programs/xinit/startx.cpp Sat Oct 27 03:50:41 2001 @@ -82,8 +82,12 @@ display=:0 whoseargs="client" +listen_tcp="-nolisten tcp" while [ "x$1" != "x" ]; do case "$1" in + -listen_tcp) + listen_tcp="" + ;; --) whoseargs="server" ;; 
@@ -134,7 +138,7 @@ done #endif -xinit $clientargs -- $serverargs +xinit $clientargs -- $serverargs $listen_tcp if [ x"$removelist" != x ]; then xauth remove $removelist --gBBFr7Ir9EOA20Yy Content-Type: application/x-troff-man Content-Disposition: attachment; filename="patch-startx.man" --- programs/xinit/startx.man.orig Thu Apr 19 17:08:32 2001 +++ programs/xinit/startx.man Sat Oct 27 03:40:01 2001 @@ -42,10 +42,17 @@ somewhat nicer user interface for running a single session of the X Window System. It is often run with no arguments. .PP -Arguments immediately following the +Except for the +.RB '-listen_tcp' +option, arguments immediately following the .I startx command are used to start a client in the same manner as .IR xinit (1). +The +.RB '-listen_tcp' +option of startx enables the TCP/IP transport type which is needed for remote X +displays. This is disabled by default for security reasons. +.PP The special argument .RB '--' marks the end of client arguments and the beginning of server options. @@ -66,6 +73,8 @@ startx -- -dpi 100 .PP startx -- -layout Multihead +.PP +startx -listen_tcp -- -depth 16 .RE .PP To determine the client to run,
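
Review bot: in the first startx.cpp hunk (@@ -82,8 +82,12 @@), the new -listen_tcp) arm sits ahead of the --) arm and does not look at $whoseargs, so the word is consumed wherever it appears on the command line, including after "--" where every other word is meant to go to the server. Either accept it only while whoseargs is still "client", or say explicitly that it is recognised in any position. The listen_tcp="-nolisten tcp" default would also benefit from a one-line comment saying that it holds server flags and is emptied to turn TCP listening back on.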
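
Review bot: on the changed xinit line in the second startx.cpp hunk (@@ -134,7 +138,7 @@), $listen_tcp is expanded unquoted and depends on word splitting to turn "-nolisten tcp" into two separate arguments. That matches how $clientargs and $serverargs are used on the same line, but it deserves a comment, because quoting the variable later would pass one argument containing a space. The flag is also appended after $serverargs unconditionally, so a user who already passes -nolisten tcp after "--" gets it twice; consider skipping the default when the user's server arguments already contain it.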
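
Review bot: the paragraph added to startx.man (@@ -42,10 +42,17 @@) says the TCP/IP transport is "disabled by default for security reasons" without saying how. Name the server flag that startx now passes (-nolisten tcp, from the startx.cpp change) so a reader can map the wrapper option to the server option and check a running server's command line against it. The new example in the @@ -66,6 +73,8 @@ hunk only shows -listen_tcp before "--"; if that is the only supported position, the text should say so.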