Re: Disabling X and KDM from listening on a port.

From: Rob Bos (
Date: 08/14/01

Date: Tue, 14 Aug 2001 09:14:31 -0700
From: Rob Bos <>
Subject: Re: Disabling X and KDM from listening on a port.
Message-ID: <20010814091431.D4520@tech>

On Tue, Aug 14, 2001 at 03:59:13AM -0700, Dragos Ruiu wrote:
> Firewall those ports off with ipfilter, ipchains or whatever
> you use as a network firewall.

While I have nothing against firewalls, they are fundamentally _workarounds_.
You shouldn't have the service listening in the first place.

It bothers me that XFree86 listens on TCP by default. If you want to open
yourself up to a potential security hole, sure, but insecure shouldn't be the
default. I took a quick look at my X configuration; Debian has -nolisten tcp
on by default, which is fortunate.

I wonder if the XFree team would be willing to listen to a polite nag to
make it not the default, and explicitly state "-listen tcp" in the
configuration. I'm thinking through implications and I don't see anything
immediately that'd be adversely affected.

Questions like this are immediately relevant - God knows how many buffer
overflows are present in XFree; we don't need more worms.


> cheers,
> --dr

Rob Bos - System Administration
Wizard IT Services -
Unix Administration, Website Hosting, Network Services, Programming
(604) 589-0037 Beautiful British Columbia, Canada
Any and all opinions expressed herein are not necessarily
the opinions of Wizard IT Services.