[PATCH xinit] startx: Pass "-nolisten tcp" by default

Hans de Goede hdegoede at redhat.com
Fri Sep 12 07:43:20 PDT 2014


Hi,

On 09/12/2014 04:40 PM, Mateusz Jończyk wrote:
> On 12.09.2014 at 09:25, Hans de Goede wrote:
>> Having servers started by startx listen on tcp by default is not a good idea
>> in this time and age. Pass "-nolisten tcp" by default, and add a special
>> -listen server option which can be used to disable this new default behavior.
>>
>> Signed-off-by: Hans de Goede <hdegoede at redhat.com>
>> ---
>>  man/startx.man | 7 +++++++
>>  startx.cpp     | 5 +++++
>>  2 files changed, 12 insertions(+)
> 
> Hello,
> This may generate a security threat in case some people will assume that xinit
> uses "-nolisten tcp" by default and then do not pass this parameter on the
> command line.
> When that code will run with an older XServer version, it will expose the X
> Server on a network.

I don't think that adding warnings for security issues in older versions
to man-pages is a good idea. If we do that each time we tweak a security-related
setting for better security by default, man pages will become unreadable over time.

Regards,

Hans

