Security: Absolute Client vetting or trust a remote root?

Mike Mestnik cheako+xorg-devel at mikemestnik.net
Fri Jun 8 15:32:40 PDT 2012


On 06/07/2012 11:07 PM, Alan Coopersmith wrote:
> On 06/ 7/12 06:43 PM, Mike Mestnik wrote:
>> On 06/07/12 12:30, Alan Coopersmith wrote:
>>> On 06/ 7/12 05:12 AM, Mike Mestnik wrote:
>>>> The fix is to disable this code whenever a TCP client is connected.
>>>
>>> People who care about security already fixed that by running with
>>> -nolisten tcp.
>>>
>> That disables a major feature of the Network Transparent Windows System,
>> we call X.
>
> No, it just redirects it into more secure channels, such as tunneling over
> ssh, instead of having to re-implement the encryption & authentication in the
> X layer that ssh already provides.

It's not up to you to determine IF TCP, or any other protocol for that 
matter, is insecure!  It should not be the purpose of software 
developers to police their users, that's part of the reason 
why FOSS is used over Microsoft and other proprietary technologies.

For example the Debian Free Software Guidelines bars licenses that 
restrict software use based on endeavour.

SSH only supports TCP for client connections, not sure how that ends up 
connecting on the server side.

