[PATCH xinit 0/1] startx: Pass "-nolisten tcp" by default

Keith Packard keithp at keithp.com
Fri Sep 12 11:40:04 PDT 2014


Hans de Goede <hdegoede at redhat.com> writes:

> This patch fixes this. I realize that this is a behavior change, and as such
> may be a bit controversial, but I really believe that in this day and age
> "-nolisten tcp" by default is the right thing to do.

I've posted patches to Xtrans and the X server that disable tcp and unix
listener ports by default while providing a '-listen' command line
option to re-enable them. Missing from these patches are a version bump
to Xtrans and the associated version check in the X server. If the
general form of these patches is acceptable, I'd bump the Xtrans
version, do a release, and then make the X server depend on that.

The 'unix' listener port uses a non-abstract socket, /tmp/.X11-unix/X0,
which is subject to various security threats, and which xcb and Xlib
don't use anymore.

We could make the set of default no-listen ports configurable at compile
time if desired.

-- 
keith.packard at intel.com
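
As an added example (not part of the original message or of the Xtrans and X server patches it mentions), one way to check on Linux which of the listeners discussed in this thread an X server has open, by parsing `/proc/net/tcp` and `/proc/net/unix`. The sample input is constructed, and the function names and the display range 0..63 are assumptions.

```python
import re

# Constructed sample input in /proc/net/tcp and /proc/net/unix layout (not from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0100007F:1771 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20003
"""
SAMPLE_UNIX = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 30001 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 30002 /tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 30003 /tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 30004 /run/dbus/system_bus_socket
"""

X_TCP_BASE = 6000   # X display N listens on TCP port 6000 + N
MAX_DISPLAY = 63    # assumption: only displays 0..63 are checked
X_SOCK = re.compile(r"^(@?)/tmp/\.X11-unix/X(\d+)$")  # leading '@' marks an abstract socket

def tcp_listeners(proc_net_tcp):
    """Return the display numbers that have a TCP socket in LISTEN state."""
    found = set()
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 4 or f[3] != "0A":              # st 0A = TCP_LISTEN
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)      # local_address is HEXIP:HEXPORT
        if X_TCP_BASE <= port <= X_TCP_BASE + MAX_DISPLAY:
            found.add(port - X_TCP_BASE)
    return sorted(found)

def unix_listeners(proc_net_unix):
    """Return (display, kind) pairs for listening X sockets; kind is 'abstract' or 'filesystem'."""
    found = set()
    for line in proc_net_unix.splitlines()[1:]:
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & 0x10000:   # Flags bit __SO_ACCEPTCON = listening
            continue
        m = X_SOCK.match(f[7])
        if m:
            found.add((int(m.group(2)), "abstract" if m.group(1) else "filesystem"))
    return sorted(found)

if __name__ == "__main__":
    print("TCP listeners (display):", tcp_listeners(SAMPLE_TCP))
    print("UNIX listeners:", unix_listeners(SAMPLE_UNIX))
```

On a live host, pass the contents of `/proc/net/tcp` (and `/proc/net/tcp6`, which has the same layout) and `/proc/net/unix` instead of the samples.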