Xserver --nolisten tcp by default?
Gordon Messmer
yinyang at eburg.com
Fri Nov 14 00:22:49 UTC 2003
Neal D. Becker wrote:
> It seems that fedora1 changed the Xserver to start with --nolisten tcp by
> default. That's an important change! I didn't notice this in the release
> notes!
It probably should have been mentioned in the release notes, since it's
a HUGE security improvement. The X server runs as root, so listening on
TCP is and always has been an extremely dangerous practice. It's
probably been the biggest security hole in the default workstation
install for a long long time.
> How to I overide it?
You can look at /etc/X11/gdm/gdm.conf and change the value of
DisallowTCP, or you can use ssh with X11 forwarding. Two points if you
guess which is recommended.
More information about the test
mailing list