[PATCH xinit] startx: Pass "-nolisten tcp" by default
Hans de Goede
hdegoede at redhat.com
Fri Sep 12 07:43:20 PDT 2014
Hi,
On 09/12/2014 04:40 PM, Mateusz Jończyk wrote:
> W dniu 12.09.2014 o 09:25, Hans de Goede pisze:
>> Having servers started by startx listen on tcp by default is not a good idea
>> in this time and age. Pass "-nolisten tcp" by default, and add a special
>> -listen server option which can be used to disable this new default behavior.
>>
>> Signed-off-by: Hans de Goede <hdegoede at redhat.com>
>> ---
>> man/startx.man | 7 +++++++
>> startx.cpp | 5 +++++
>> 2 files changed, 12 insertions(+)
>
> Hello,
> This may generate a security threat in case some people will assume that xinit
> uses "-nolisten tcp" by default and then do not pass this parameter on the
> command line.
> When that code will run will an older XServer version, it will expose the X
> Server on a network.
I don't think that adding warnings for security issues in older versions
to man-pages is a good idea. If we do that each time we tweak a security related
setting for better security by default man pages will become unreadable over time.
Regards,
Hans
More information about the xorg-devel
mailing list