On Mon, 29 Aug 2005 11:32:16 +0200, Han Boetes <[EMAIL PROTECTED]> wrote:
>And since nobody knows about a problem with the X server, not even the people
>who have very deep knowledge about X and about security you can safely assume
>it's OK to have that port open by default.

Han,

Though I tend to agree with you about the open X ports, with all due respect, your reasoning is faulty. Blindly assuming some expert got it right is actually a fallacy in formal logic known as "appeal to authority." The quality of the server listening on the open ports as well as the expertise of those who work on it, is actually irrelevant since all human beings can make mistakes and a fallacious argument about "experts" will not change this fact.

Though you are correct about the added exposure being minimal due to the high quality of the software, having the X ports open still increases risk. A user simply has the choice to use their best judgement on filtering to counter the increased risk. If you trust your packet filter more than you trust your X server, it makes more sense to counter the risk with your filter, than it does to count on your X server to not bind to the ports when you tell it not to use them. To me, using the packet filter is just easier.

In other words, we agree on things but not for the same reasons. ;-)

JCR

