[PATCH xinit 0/1] startx: Pass "-nolisten tcp" by default
Hans de Goede
hdegoede at redhat.com
Sat Sep 13 03:35:51 PDT 2014
Hi,
On 09/12/2014 08:40 PM, Keith Packard wrote:
> Hans de Goede <hdegoede at redhat.com> writes:
>
>> This patch fixes this. I realize that this is a behavior change, and as such
>> may be a bit controversial, but I really believe that in this day and age
>> "-nolisten tcp" by default is the right thing to do.
>
> I've posted patches to Xtrans and the X server that disable tcp and unix
> listener ports by default while providing a '-listen' command line
> option to re-enable them. Missing from these patches are a version bump
> to Xtrans and the associated version check in the X server. If the
> general form of these patches is acceptable, I'd bump the Xtrans
> version, do a release, and then make the X server depend on that.
>
> The 'unix' listener port uses a non-abstract socket, /tmp/.X11-unix/X0,
> which is subject to various security threats, and which xcb and Xlib
> don't use anymore.
I was afraid that people would consider your solution too big a hammer,
but since it seems that that is not the case, I'm all in favor of this change.
Also +1 for dropping /tmp/.X11-unix/X* on Linux.
Question: could we somehow also get rid of /tmp/.X*-lock? If we drop
/tmp/.X11-unix/X*, that would be another step towards getting rid of things
expected to be in a global /tmp namespace, which breaks having a private
per-user /tmp dir.
Regards,
Hans
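The two hazards this thread is about, an X server reachable over TCP on 6000+display and a non-abstract socket living under a world-writable /tmp, are easy to check for on a running host. The script below is an added example written for this archive page; it is not code from xinit, Xtrans or the X server, and nothing in it changes what the server does. The `ss -ltn` output it parses is a constructed sample, the directory it audits is a throwaway fixture built by `build_demo_dir()` rather than the real /tmp/.X11-unix, and the problem codes ("symlink", "not-a-socket", "not-sticky") are names chosen here for illustration.

```python
"""Audit helpers for the two X11 listener hazards discussed in the thread:
TCP listeners on 6000+display, and non-abstract sockets in a global /tmp.
Added example for this page; not the X server's or xinit's own code."""
import os
import re
import socket
import stat
import tempfile

X11_TCP_BASE = 6000  # display :N listens on TCP port 6000+N when tcp is enabled

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:6000        0.0.0.0:*
LISTEN  0       128     [::]:6001           [::]:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
"""


def x11_tcp_listeners(ss_output):
    """Return [(local_address, display)] for LISTEN sockets on 6000..6063.

    Anything here means the server was started without "-nolisten tcp"
    (or, after Keith's patches, with an explicit "-listen tcp")."""
    found = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        m = re.match(r"^(.*):(\d+)$", cols[3])  # "[::]:6001" -> ("[::]", 6001)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if X11_TCP_BASE <= port < X11_TCP_BASE + 64:
            found.append((addr, port - X11_TCP_BASE))
    return found


def audit_x11_dir(dirpath):
    """Flag entries in an X11 socket directory that a local user could have
    planted ahead of the server. Returns a sorted list of (name, problem).

    A filesystem socket in /tmp can be squatted or redirected by any local
    user; an abstract-namespace socket (what xcb/Xlib use on Linux) has no
    filesystem entry at all, so none of these checks apply to it."""
    problems = []
    if not (os.lstat(dirpath).st_mode & stat.S_ISVTX):
        problems.append((".", "not-sticky"))  # others may unlink your socket
    for name in sorted(os.listdir(dirpath)):
        st = os.lstat(os.path.join(dirpath, name))  # lstat: never follow links
        if stat.S_ISLNK(st.st_mode):
            problems.append((name, "symlink"))  # clients could be redirected
        elif not stat.S_ISSOCK(st.st_mode):
            problems.append((name, "not-a-socket"))  # name squatted by a file
    return problems


def build_demo_dir():
    """Constructed fixture mimicking /tmp/.X11-unix: X0 is a real socket,
    X1 a dangling symlink, X2 a plain file squatting the next display's name."""
    d = tempfile.mkdtemp(prefix="x11-demo-")
    os.chmod(d, 0o1777)  # sticky, like a normal /tmp
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(os.path.join(d, "X0"))  # leaves a socket inode behind after close
    s.close()
    os.symlink("/nonexistent/elsewhere", os.path.join(d, "X1"))
    open(os.path.join(d, "X2"), "w").close()
    return d


if __name__ == "__main__":
    for addr, display in x11_tcp_listeners(SAMPLE_SS_OUTPUT):
        print("X display :%d listening on TCP at %s" % (display, addr))
    for name, problem in audit_x11_dir(build_demo_dir()):
        print("%s: %s" % (name, problem))
```

On a real host, feed `subprocess.check_output(["ss", "-ltn"], text=True)` to `x11_tcp_listeners` and pass `/tmp/.X11-unix` to `audit_x11_dir`; a clean result from both is what Keith's "disabled by default" patches aim to make the normal state.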
More information about the xorg-devel mailing list