From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org
X-Spam-Level: **
X-Spam-Status: No, score=2.8 required=5.0 tests=DATE_IN_PAST_06_12,
	DKIM_ADSP_ALL,DMARC_QUAR,INVALID_DATE,MAILING_LIST_MULTI autolearn=no
	autolearn_force=no version=4.0.0
Received: from porsta.cs.helsinki.fi ([128.214.48.124] ident=root)
	by cvs.gentoo.org with esmtp (Exim 3.30 #1)
	id 15h692-0001qM-00
	for gentoo-dev@cvs.gentoo.org; Wed, 12 Sep 2001 03:17:20 -0600
Received: from melkki.cs.Helsinki.FI (IDENT:root@melkki.cs.Helsinki.FI [128.214.48.122])
	by porsta.cs.Helsinki.FI (8.11.6/8.11.6) with ESMTP id f8C9GrS04493
	for <gentoo-dev@cvs.gentoo.org>; Wed, 12 Sep 2001 12:16:53 +0300
Received: (from ekarttun@localhost)
	by melkki.cs.Helsinki.FI (8.9.3/8.9.3) id MAA08363
	for gentoo-dev@cvs.gentoo.org; Wed, 12 Sep 2001 12:16:49 +0300
From: Einar Karttunen <ekarttun@cs.Helsinki.FI>
To: gentoo-dev@cvs.gentoo.org
Subject: Re: [gentoo-dev] how to close port 6000 in gentoo
Message-ID: <20010912121649.A7430@cs.helsinki.fi>
References: <20010911220011.A9840@llama.dolly-llama.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010911220011.A9840@llama.dolly-llama.org>; from blutgens@sistina.com on Tue, Sep 11, 2001 at 10:00:11PM -0500
Sender: gentoo-dev-admin@cvs.gentoo.org
Errors-To: gentoo-dev-admin@cvs.gentoo.org
X-BeenThere: gentoo-dev@cvs.gentoo.org
X-Mailman-Version: 2.0
Precedence: bulk
Reply-To: gentoo-dev@cvs.gentoo.org
List-Help: <mailto:gentoo-dev-request@cvs.gentoo.org?subject=help>
List-Post: <mailto:gentoo-dev@cvs.gentoo.org>
List-Subscribe: <http://cvs.gentoo.org/mailman/listinfo/gentoo-dev>,
	<mailto:gentoo-dev-request@cvs.gentoo.org?subject=subscribe>
List-Id: Gentoo Linux development list <gentoo-dev.cvs.gentoo.org>
List-Unsubscribe: <http://cvs.gentoo.org/mailman/listinfo/gentoo-dev>,
	<mailto:gentoo-dev-request@cvs.gentoo.org?subject=unsubscribe>
List-Archive: <http://cvs.gentoo.org/pipermail/gentoo-dev/>
Date: Wed Sep 12 03:18:02 2001
X-Original-Date: Wed, 12 Sep 2001 12:16:49 +0300
X-Archives-Salt: 8519e31d-0c23-4c4c-8aae-d36180feb7e1
X-Archives-Hash: 3c55a0dd3fa6162ff16a3a4d65e7853c

On Tue, Sep 11, 2001 at 10:00:11PM -0500, Ben Lutgens wrote:
> Hi all, by default in gentoo (as well as a few other distros as well) X is
> configured to listen on port 6000/tcp for remote X requests, this is a
> known security hazard.
> 
> If you're using xdm do the following:
> edit /etc/X11/xdm/Xservers to say
> 
> local /usr/X11R6/bin/X -nolisten tcp
> 
> I also recommend not using xfs since X cant handle fonts without it. 
> 
Is there anyway to do this if one is not using xdm?
A solution working for xinit is good, but isn't there
any way of making this default short of compiling X
from scratch?

- Einar Karttunen