On Thu, Mar 30, 2000 at 08:09:40PM +0600, Devdas Bhagat wrote:
> On Thu, 30 Mar 2000, Dhiran Rajbhandari wrote:
> >Dear friends,
> > I want to disable the X windows in telnet session. I mean the
> >local user who logs into my linux server from any remote site shouldn't be
> >able to run X windows. How can I control? Please help me../
>
> Remove /usr/X11R6/bin from his path, and change permissions to make it usable
> by only a certain group. Or you can chroot the remote user (not recommended,
> its a security hole).
One can defeat this by ftp'ing a X11 binary into the machine and running it.
A more effective way would be to block port 6000 which X11 protocol uses
to communicate with the client. Note that blocking port 6000 on that box
is not what is needed. You need to block all sockets whose destination is
6000. Then again, one can defeat this by running X on a different port.
-Arun
-----------------------------------------------------------------------
For more information on the LIH mailing list see:
http://lists.linux-india.org/lists/LIH
