#1 2009-03-06 18:40:52

mcover
Member
From: Germany
Registered: 2007-01-25
Posts: 134

Xfce 4.6 session binds to tcp port (ICE layer)

As topic.

To be more specific: since the new Xfce4, xfce4-session automatically listens on a (random?) port, this being a TCP binding to the ICE layer.

See xfce4-session man page:

--disable-tcp
              Disable binding to TCP ports in the ICE layer. This is not possible on every platform. If you
              use this option on a platform that does not support it, xfce4-session will print a warning
              message and ignore the setting.

Thus, by default it's enabled.

netstat -apn

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:45505           0.0.0.0:*               LISTEN      5318/xfce4-session  
[...]
tcp        0      0 :::42892                :::*                    LISTEN      5318/xfce4-session  
[...]

Since I'm paranoid, this seems to me like a security risk. It is possibly fixable by appending --disable-tcp to the xfce4-session entry in /etc/xdg/xfce4/xinitrc. Or is there a better place?

Is this worth putting in the bug tracker? Is it intended? Should Arch by default disable xfce4-session listening on a TCP port? Or is there a similar entry somewhere already?

In my opinion, it should be disabled by default, since if it is not specifically required, it's just another hole in the system.

m.
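
A check for the listeners shown in the netstat output above, added here as an example and not part of the original post: `tcp_listeners` (a name chosen for this example) filters `netstat -apn` output for one program and labels each listening socket as wildcard, loopback or specific, so the result can be compared before and after adding `--disable-tcp`. The sample input reuses the two xfce4-session lines from the post; the cupsd and ssh lines are constructed for contrast.

```shell
#!/bin/sh
# Added example: classify TCP listeners owned by one program.
# Reads `netstat -apn` output on stdin, prints "<scope> <local address>":
#   wildcard - bound to all interfaces (0.0.0.0 or ::), reachable from the network
#   loopback - bound to 127.0.0.0/8 or ::1 only
#   specific - bound to one non-loopback address
tcp_listeners() {
    awk -v prog="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            name = $7                      # column 7 is "PID/Program name"
            sub(/^[0-9]+\//, "", name)     # strip the PID
            if (name != prog) next
            host = $4
            sub(/:[0-9]+$/, "", host)      # drop the port, keep the host part
            if (host == "0.0.0.0" || host == "::" || host == "*") scope = "wildcard"
            else if (host ~ /^127\./ || host == "::1") scope = "loopback"
            else scope = "specific"
            print scope, $4
        }'
}

# Succeeds (exit 0) if the program has at least one wildcard listener.
exposed() {
    tcp_listeners "$1" | grep -q '^wildcard '
}

# Constructed sample: lines 2 and 5 are from the post, the rest are made up.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:45505           0.0.0.0:*               LISTEN      5318/xfce4-session
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2210/cupsd
tcp        0      0 192.168.1.10:51234      192.168.1.20:22         ESTABLISHED 6001/ssh
tcp        0      0 :::42892                :::*                    LISTEN      5318/xfce4-session
EOF
}

# Demo on the embedded sample. On a live system:
#   netstat -apn | tcp_listeners xfce4-session
sample_netstat | tcp_listeners xfce4-session
```

No output from the live command means no listening TCP socket is attributed to xfce4-session.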
