Interface binding - again...
Keith Packard
keithp at keithp.com
Mon May 10 21:15:12 PDT 2004
Around 12 o'clock on May 10, Derek Fawcus wrote:
> What I've been thinking of was to remove _all_ code for
> binding to IPC other than local pipe / unix sockets from
> the server.
Yeah, I've had other people suggest this as well. I think it's a sensible
idea as it would allow the initial connection negotiation and
authentication code to run as 'nobody' which would somewhat mitigate the
effect of any bugs in that exposed piece of code.
Plus, you could turn TCP connections on/off easily that way, instead of
having to restart the X server, which would make it possible to have them
disabled almost all of the time, without a huge cost to enable them in the
rare event they're needed.
-keith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/xserver/attachments/20040510/bfc5c1e2/attachment.pgp
More information about the xserver
mailing list