Re: make gnome listen on localhost:*



On Thu, 15 Jun 2000, Guillermo S. Romero / Familia Romero wrote:

> >For example, we could disable X server network access as well, requiring a
> >config file change to use it, and probably 99% of desktop users wouldn't
> >notice. But since you and I both likely happen to be in the set of people
> >who do use this feature, we would both protest against doing this.
> 
> Uuumm... by default you have to use first "xhost +inet:machine" to allow
> other machines to show things in your X display. At least that is how the
> latest RH I have used are configured (correct me if I am wrong, maybe I
> touched something in my machines).

[...]

> I dunno if the X method is bad or good, but at least does not sound bad. It

There IS a problem with a "listen on a port but deny" default. Namely, the
"deny" code has to parse the request then deny it. There of course may be
a flaw in the parsing.

Sounds unlikely? Please see my recent Bugtraq post detailing a nasty X
server denial of service attack. There was a flaw in the code which
decides whether or not a request is authorized. The X server default on
most distributions is to listen on port 6000. This is not a sane default
for modem users.

The solution is to just not inet listen at all. Unless the user indicates
that they need this functionality. Wrap it up in a pretty GUI and
user-oriented terms if required.

Cheers
Chris
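
An added example, not part of the original message: a small audit for the "don't listen on inet at all" default argued for above. It lists TCP sockets in LISTEN state that are bound to a non-loopback address, reading the Linux /proc/net/tcp table. The sample table and the function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import ipaddress
import os
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host), not a real capture.
# 0x1770 = port 6000 (X server), 0x0277 = port 631.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0A01A8C0:8F3C 2201A8C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1
"""

TCP_LISTEN = 0x0A  # socket state value the kernel prints for LISTEN


def parse_listeners(table):
    """Return [(IPv4Address, port)] for every socket in LISTEN state."""
    listeners = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order;
        # repacking it little-endian recovers the network-order bytes.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
        listeners.append((ip, int(port_hex, 16)))
    return listeners


def exposed(table):
    """Listeners reachable from the network: bound to anything but loopback."""
    return [(str(ip), port) for ip, port in parse_listeners(table)
            if not ip.is_loopback]


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as fh:
            table = fh.read()
    else:
        table = SAMPLE
    for ip, port in exposed(table):
        print(f"network-reachable listener: {ip}:{port}")
```

On the sample, only the wildcard bind on port 6000 is reported; the loopback listener and the established connection are not.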




