#1 2007-12-23 01:41:59

vfork_0x00f
Member
Registered: 2006-08-28
Posts: 14

[Security] X11 and -nolisten tcp

Just a thought ...

Is there any reason '-nolisten tcp' is not the default?

In Debian, Ubuntu, Fedora, Red Hat, Suse, OpenBSD and probably many others, X port listening is disabled as a security measure. This means that, as shipped, kdm (or xdm/gdm) is not reachable via the network and is unable to manage X servers running on remote hosts. This is not a big problem, since most people do not need to enable port listening in kdm. SSH forwards for X11 or export DISPLAY should cover most users' needs.

May I suggest doing the same in Arch and adding '-nolisten tcp' as the default in startx and /opt/kde/share/config/kdm/kdmrc?

Last edited by vfork_0x00f (2007-12-23 02:34:40)
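
One way to check whether an X server is actually accepting TCP connections, which is the condition '-nolisten tcp' is meant to prevent (an added example, not part of the original posts). It assumes the Linux /proc/net/tcp layout and the X11 convention that display :N listens on TCP port 6000+N; the function names, the 6000-6063 range and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report X displays whose server is listening on TCP.
# Assumes the Linux /proc/net/tcp layout (also used by /proc/net/tcp6) and
# the X11 convention that display :N listens on TCP port 6000+N.

# Reads a socket table on stdin, prints one ":N" per listening display.
x11_tcp_displays() {
    # Columns: sl local_address rem_address st ...; st 0A means LISTEN.
    while read -r _sl local _remote state _rest; do
        [ "$state" = "0A" ] || continue
        port=$((0x${local##*:}))          # port is the hex part after ':'
        # 6000-6063 (displays :0 to :63) is a range chosen for this example.
        if [ "$port" -ge 6000 ] && [ "$port" -le 6063 ]; then
            echo ":$((port - 6000))"
        fi
    done | sort -u
}

# Constructed sample table (not captured from a real host).
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 00000000:1771 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333
   3: 0100007F:1770 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 44444
EOF
}

echo "Displays listening on TCP in the sample table:"
sample_table | x11_tcp_displays

# On a live Linux host:
#   x11_tcp_displays < /proc/net/tcp
#   x11_tcp_displays < /proc/net/tcp6
```

Empty output means no listener was found in the checked range; row 3 of the sample is an established connection rather than a listener, so it is not reported.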

#2 2007-12-27 12:28:40

VikM
Member
Registered: 2007-11-10
Posts: 50

Re: [Security] X11 and -nolisten tcp

Sad but true, but it seems that security is not among Arch's goals at all.
I agree with you, but I guess that official answers for security-related posts are, at best, "Hmm... why do that?..."

#3 2007-12-27 12:48:25

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: [Security] X11 and -nolisten tcp

File a feature request: http://bugs.archlinux.org/

It's not that we don't care about security -- we do, but we don't want to go overboard on security so much that we compromise 'the Arch Way' or that it detracts from other projects.

Last edited by iphitus (2007-12-27 12:52:22)

#4 2008-01-03 23:02:19

vfork_0x00f
Member
Registered: 2006-08-28
Posts: 14

Re: [Security] X11 and -nolisten tcp

Reported as feature request "FS#9053".

Everybody is now invited to vote for this task in the bug tracker.

Last edited by vfork_0x00f (2008-01-04 12:18:21)