Several questions
Wade Hampton
wade.hampton at nsc1.net
Wed Nov 19 20:11:43 UTC 2003
Bill Anderson wrote:
>On Mon, 2003-11-03 at 16:08, Wade Hampton wrote:
>
>
>>Satish Balay wrote:
>>
>>
>>>>If GDM was listening for remote connections it would be on port 177, but
>>>>since
>>>>by default it doesn't do that, this isn't your issue.
>>>>
>>>>Port 6000 is (by default) the port that the first X display will listen
>>>>to for incomming
>>>>connections.
>>>>
>>>>
>...
>
>
>>On RH 8, I added DisallowTCP=true to the gdm.conf file and it worked.
>>I have tried in my gdm.conf file [security] section as described in
>>http://www.jirka.org/gdm-documentation/x227.html
>>
>>When I restart gdm or when I reboot, port 6000 is still open (nmap -s T
>><ip address>).
>>
>>I hope it is fixed in Fedora (of course, I hope the docs also describe
>>how to open it
>>back up for those that don't know this option).
>>
>>
>
>Wade, please reread the post. GDM is NOT listening on 6000, so your
>changes to gdm.conf will NOT affect that. It is not a bug, you are
>looking at the wrong software.
>
>
Thanks. I know that GDM is not the one doing the listening.
GDM starts the X server and when doing so has to pass
"-nolisten tcp" to the X server to tell the it to not open port 6000.
On my box at home (runlevel 3), I have a runx script that starts X with
-nolisten tcp added to the command line. According to the GDM site,
the DisallowTCP option passes this option to the X server so it would
control port 6000 (not port 177, which would be controlled by the XDCMP
options).
See: http://www.jirka.org/gdm-documentation/x227.html
Snips below:
Security Options
*[security]*
-snip-
DisallowTCP
DisallowTCP=true
If true, then always append -nolisten tcp to the command line of
local X servers, thus disallowing TCP connection. This is useful if
you do not care for allowing remote connections, since the X
protocol could really be potentially a security hazard to leave
open, even though no known security problems exist.
-snip-
XDCMP Support
*[xdmcp]*
-snip-
Enable
Enable=false
Setting this to true enables XDMCP support allowing remote
displays/X terminals to be managed by GDM.
gdm listens for requests on UDP port 177. See the Port option for
more information.
>Reread the post from Ben Russo, it contains your answers (despite the
>goof on xhost+, don't do that).
>
>
Know about xhost+ :).
Back to the original question. Is there a simple way to set the box so
that when I log in, X is not listening on port 6000?
Thanks,
--
Wade Hampton
More information about the users
mailing list