Hi forum,
Today I found out that for some reason, my X server is listening to port 6000 on all interfaces:
[marti@larry]% sudo netstat -pntl |grep X
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 17163/X
tcp 0 0 :::6000 :::* LISTEN 17163/X
I assumed that X is launched with TCP disabled on all modern distros. I'm starting X with xinit and my /etc/X11/xinit/xserverrc indeed seems to be configured to disable TCP:
exec /usr/bin/X -nolisten tcp
I haven't tweaked X at all besides a little /etc/X11/xorg.conf:
Section "Device"
Identifier "Builtin Default intel Device 0"
Driver "intel"
EndSection
Section "Screen"
Identifier "Builtin Default intel Screen 0"
Device "Builtin Default intel Device 0"
SubSection "Display"
#Virtual 2960 1050
EndSubSection
EndSection
Section "ServerLayout"
Identifier "Builtin Default Layout"
Screen "Builtin Default intel Screen 0"
EndSection
What gives? Why isn't xinit launching X using its xserverrc?
Last edited by intgr (2009-10-04 17:43:57)
I did the same analysis you did, but on my machine, X isn't listening on any network port. My /etc/X11/xinit/xserverrc looks exactly the same as yours, but I don't use xorg.conf.
X isn't listening on any network port here either. Maybe it has to do with exactly how you start x. Could it be that /etc/X11/xinit/xserverrc never gets executed?
Last edited by rwd (2009-10-04 16:22:24)
This is weird. Now I restarted X, tried with both 'xinit' and 'startx', changed my .xinitrc but still couldn't reproduce this problem.
Thanks for your help.
I've discovered the same problem. Moreover, Xorg does not read the "~/.Xauthority" file, so anyone can connect to my Xorg (!!!) (I discovered this when trying to connect to Xorg from a freshly created user account).
Is it the intended behavior? I run Xorg by:
xinit ~/.xinitrc-gnome -- >/tmp/X-user-out 2>/tmp/X-user-err </dev/null &
"~/.xinitrc-gnome" :
#!/bin/sh
exec ck-launch-session gnome-session
For now I can remedy the vulnerability by:
xinit ~/.xinitrc-gnome -- -nolisten tcp -auth ~/.Xauthority >/tmp/X-user-out 2>/tmp/X-user-err </dev/null &
we are not condemned to write ugly code
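
The check from the first post and the workaround from the last one, combined into a small audit script. This is an added example, not code posted by anyone in the thread; the function names are hypothetical, and the cupsd and sshd sample lines are constructed (the two X lines are the netstat output quoted above).

```shell
#!/bin/sh
# Added example: audit an X server for TCP exposure and missing hardening flags.

# Read `netstat -pntl` output on stdin and print the local address of every
# listening TCP socket owned by X/Xorg that is not bound to loopback.
# Columns: proto recv-q send-q local foreign state pid/program
x_tcp_exposed() {
    awk '$6 == "LISTEN" && $7 ~ /\/X(org)?$/ &&
         $4 !~ /^(127\.|::1:)/ { print $4 }'
}

# Given an X server command line as one string, print which of the two
# options used in the workaround above are absent ("nolisten", "auth").
# Prints an empty line when both are present.
x_missing_flags() {
    missing=""
    case " $1 " in
        *" -nolisten tcp "*) ;;
        *) missing="nolisten" ;;
    esac
    case " $1 " in
        *" -auth "*) ;;
        *) missing="${missing:+$missing }auth" ;;
    esac
    printf '%s\n' "$missing"
}

# Constructed sample input so the script runs offline.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 17163/X
tcp 0 0 :::6000 :::* LISTEN 17163/X
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 900/cupsd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 800/sshd'

echo "Exposed X sockets in sample:"
printf '%s\n' "$SAMPLE_NETSTAT" | x_tcp_exposed

echo "Flags missing from a bare 'X :0':"
x_missing_flags "X :0"

# On a live system (run as root so netstat can show program names):
#   netstat -pntl | x_tcp_exposed
#   x_missing_flags "$(ps -o args= -C X)"
```
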