X over the network

Doug Stewart dstewart at atl.lmco.com
Wed Dec 3 15:30:08 UTC 2003

Hash: SHA1

Gordon Messmer wrote:
~ > ... People really shouldn't be suggesting that users turn X tcp support
| on without noting that doing so is very insecure.  X runs as the root
| user, and opening a TCP port may make the computer very susceptible to
| exploits.
| Unless your machine is on a secure and trusted network, use ssh's X11
| forwarding to run X11 applications remotely.

Absolutely.  I thought that the security aspect was covered in that
thread, but I could very well be mistaken.

If you ARE running this machine on a corporate or home LAN that is
firewalled/NAT'ed off from the 'Net, then you could probably get away
with it.

Still, if you run Bastille against it, I imagine it would point it out
as a security vulnerability (don't know if this is the case, since I
haven't run Bastille on Fedora yet.  Anyone?)

- --
- ----------
Doug Stewart
Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs

Quidquid latine dictum sit, altum viditur
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the users mailing list