[PATCH xinit 0/1] startx: Pass "-nolisten tcp" by default

Hans de Goede hdegoede at redhat.com
Sat Sep 13 03:35:51 PDT 2014


Hi,

On 09/12/2014 08:40 PM, Keith Packard wrote:
> Hans de Goede <hdegoede at redhat.com> writes:
> 
>> This patch fixes this, I realize that this is a behavior change, and as such
>> may be a bit controversial, but I really believe that in this day and age
>> "-nolisten tcp" by default is the right thing to do.
> 
> I've posted patches to Xtrans and the X server that disable tcp and unix
> listener ports by default while providing a '-listen' command line
> option to re-enable them. Missing from these patches are a version bump
> to Xtrans and the associated version check in the X server. If the
> general form of these patches is acceptable, I'd bump the Xtrans
> version, do a release, and then make the X server depend on that.
> 
> The 'unix' listener port uses a non-abstract socket, /tmp/.X11-unix/X0,
> which is subject to various security threats, and which xcb and Xlib
> don't use anymore.

I was afraid that people would consider your solution too big a hammer,
but since it seems that that is not the case I'm all in favor of this change.

Also +1 for dropping /tmp/.X11-unix/X* on Linux.

Question: could we somehow also get rid of /tmp/.X*-lock? If we drop
/tmp/.X11-unix/X* that would be another step to getting rid of things
expected to be in a global /tmp namespace, which breaks having a private
per-user /tmp dir.

Regards,

Hans
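The thread above concerns three listener kinds an X server can expose: the TCP port 6000+N that "-nolisten tcp" turns off, the filesystem socket /tmp/.X11-unix/XN that lives in the shared /tmp namespace, and the abstract-namespace socket (shown with a leading "@" in /proc/net/unix) that xcb and Xlib use on Linux. The audit script below is an added example, not code from this thread, from Xorg or from Xtrans. It parses the Linux /proc/net/tcp and /proc/net/unix formats to report which of the three a given display has bound, and checks the lstat() result for /tmp/.X11-unix the way a reviewer of the socket-directory threat would. The /proc text embedded in it is constructed sample data so the script runs offline; the display numbers, the X_TCP_BASE/X_SOCKET_DIR constants and all function names are this example's own.

```python
# Added example (not code from this thread or from Xorg/Xtrans): audit which
# listeners an X server exposes on a Linux host, using the /proc/net/tcp and
# /proc/net/unix formats.  The sample /proc text below is constructed so the
# script runs offline; read the real files to audit a live machine.
import os
import stat

X_TCP_BASE = 6000                 # X display :N listens on TCP 6000+N
X_SOCKET_DIR = "/tmp/.X11-unix"   # filesystem socket dir; abstract names use "@" + same path

# Constructed sample: display :0 listening on TCP (0x1770 == 6000), sshd on :22,
# and one non-listening (ESTABLISHED, state 01) entry that must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1770 0100007F:9C40 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""

# Constructed sample: display :0 has both the filesystem socket and the
# abstract socket; an unrelated dbus socket and an unnamed socket are noise.
SAMPLE_PROC_NET_UNIX = """\
Num       RefCount Protocol Flags    Type St Inode Path
ffff8800: 00000002 00000000 00010000 0001 01 23456 /tmp/.X11-unix/X0
ffff8801: 00000002 00000000 00010000 0001 01 23457 @/tmp/.X11-unix/X0
ffff8802: 00000002 00000000 00010000 0001 01 23458 /run/dbus/system_bus_socket
ffff8803: 00000003 00000000 00000000 0001 03 23459
"""


def listening_tcp_ports(proc_net_tcp_text):
    """Return the set of local TCP ports in LISTEN state (st == 0A)."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def unix_socket_names(proc_net_unix_text):
    """Return (filesystem_paths, abstract_names) for bound unix sockets."""
    fs_paths, abstract = set(), set()
    for line in proc_net_unix_text.splitlines()[1:]:
        fields = line.split(None, 7)
        if len(fields) < 8:          # unnamed socket: no Path column
            continue
        path = fields[7].strip()
        if path.startswith("@"):     # abstract namespace: no inode under /tmp
            abstract.add(path[1:])
        else:
            fs_paths.add(path)
    return fs_paths, abstract


def audit_display(display, proc_net_tcp_text, proc_net_unix_text):
    """Report which listener kinds display :N has bound."""
    fs_paths, abstract = unix_socket_names(proc_net_unix_text)
    sock = f"{X_SOCKET_DIR}/X{display}"
    return {
        "tcp": (X_TCP_BASE + display) in listening_tcp_ports(proc_net_tcp_text),
        "fs_socket": sock in fs_paths,
        "abstract_socket": sock in abstract,
    }


def findings(display, report):
    """Turn an audit report into the points worth raising."""
    out = []
    if report["tcp"]:
        out.append(f":{display} accepts TCP on port {X_TCP_BASE + display}; start with -nolisten tcp")
    if report["fs_socket"]:
        out.append(f":{display} binds {X_SOCKET_DIR}/X{display} in the shared /tmp namespace")
    return out


def socket_dir_problems(st_mode, st_uid):
    """Checks on the lstat() result for /tmp/.X11-unix: it must be a real
    directory, root-owned and sticky, otherwise any local user can plant or
    replace an X0 entry inside it."""
    problems = []
    if not stat.S_ISDIR(st_mode):
        problems.append("not a directory (symlink or file in its place)")
    if st_uid != 0:
        problems.append("not owned by root")
    if not st_mode & stat.S_ISVTX:
        problems.append("sticky bit not set")
    return problems


if __name__ == "__main__":
    for d in (0, 1):
        rep = audit_display(d, SAMPLE_PROC_NET_TCP, SAMPLE_PROC_NET_UNIX)
        print(f":{d}", rep, findings(d, rep))
    if os.path.exists(X_SOCKET_DIR):
        st = os.lstat(X_SOCKET_DIR)
        print(X_SOCKET_DIR, socket_dir_problems(st.st_mode, st.st_uid) or "ok")
```

On a live host, replace the two SAMPLE_ strings with the contents of /proc/net/tcp (and /proc/net/tcp6, which has the same column layout with 32-hex-digit addresses) and /proc/net/unix. A display that shows only an abstract socket is the state the quoted Xtrans/X server patches aim for; a TCP hit means the server was started without "-nolisten tcp".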
