Package: xemacs21-bin Version: 21.4.21-3 Severity: normal The fix to 177236 is completely bogus (and yes, I do use connection over the net, because, well, it works over the net[1]). For a start, the manpage still states that you can use MIT-MAGIC-COOKIE-1 and GNU_PORT and GNU_HOST environment variables.
Secondly, it would be completely consistent with the manpage, and indeed sensible, to look for an xauth listing with the $IPADDR:999, or the presence of a file in the $GNU_SECURE environment variable and only bind then. In fact, *THAT IS WHAT GNUSERV APPEARS TO DO*[2]. No xauth listing with an appropriate :999, and the user obviously doesn't want an inet connection. If they have set a :999, then they obviously do, and they would be responsible for any security. Just like it should be. To disable it outright because there might be an unknown[3] security hole is just silly. Might as well not allow ssh to bind to a port 22 either. Please reenable INTERNET_DOMAIN_SOCKETS. Thankyou. [1] And you can always run multiple copies like I do, by invoking it via a script that chooses what GNU_PORT to run on -- works better than working out how to supply a differing socket [2] In fact, one has to wonder what the original reporter was doing to create a socket, since setup_table() in gnuserv.c only returns non zero if there is a XAUTH match via line 618, or if there is a host match in the GNU_SECURE file. So the user must have set one of these, *IN WHICH CASE THEY WERE ASKING FOR AN INTERNET CONNECTION*. [3] And unlikely. Since the first thing it does is to check whether the host is permitted to connect via having the requisite :999 xauth listing or a GNU_SECURE file, it should be fairly trivial to *prove* its correctness rather than to remove outright functionality. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24 (SMP w/2 CPU cores) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages xemacs21-bin depends on: ii libc6 2.7-10 GNU C Library: Shared libraries ii libdb4.6 4.6.21-7 Berkeley v4.6 Database Libraries [ ii libgpmg1 1.20.3~pre3-3 General Purpose Mouse - shared lib ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library ii libldap-2.4-2 2.4.7-6.2 OpenLDAP libraries ii libncurses5 5.6+20080419-1 Shared libraries for terminal hand ii libsm6 2:1.0.3-1+b1 X11 Session Management library ii libx11-6 2:1.0.3-7 X11 client-side library ii libxau6 1:1.0.3-2 X11 authorisation library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library ii xemacs21-support 21.4.21-3 highly customizable text editor -- xemacs21-bin recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
