urgent wdm security issue (woody sid only)

2001-11-27 Thread Noah Meyerhans
(Sorry for the cross-posting; this is somewhat important) Versions 1.20-11.2 and 1.20-12 of wdm contain a configuration error that caused X session authentication data to be stored in a non-existent directory. In situations like this, the X server falls back to a security mode which allows *all*

RE: wdm security

2001-05-28 Thread Juha Jäykkä
startx -- -nolisten tcp Obviously this would do the trick, but see below as to why it is not a good option. only as part of the perennially-discussed task-harden. Doesn't even affect remote xsessions, as you should be using ssh to tunnel your sessions anyway. There is no way of ssh

Re: wdm security

2001-05-25 Thread Juha Jäykkä
I would not trash wdm just yet. Let me take a look. If you're concerned, you might want to firewall that port using ipchains or iptables. No problem - I am currently behind an ipchains firewall, but it's about to change and I just wanted to know if something breaks if I ipchain/table the

RE: wdm security

2001-05-25 Thread John Galt
On Fri, 25 May 2001, Steve wrote: Ed == Ed Street [EMAIL PROTECTED] writes: Hello, If memory serves me correctly there's a line in /etc/X11 that you can add/modify to tell it to NOT listen. startx -- -nolisten tcp will have the effect. However, there doesn't seem to be a global setting

Re: wdm security

2001-05-25 Thread Chris Boyle
On Friday 25 May 2001 10:00 am, John Galt wrote: On Fri, 25 May 2001, Steve wrote: Ed == Ed Street [EMAIL PROTECTED] writes: Hello, If memory serves me correctly there's a line in /etc/X11 that you can add/modify to tell it to NOT listen.

Re: wdm security

2001-05-25 Thread Bernhard R. Link
On Thu, 24 May 2001, Noah L. Meyerhans wrote: Interestingly enough, a quick find/grep traversal of the wdm source indicates that the only code for setting up network listeners comes directly from the xdm sources without modification at all. That implies to me that the listener on port 32768

RE: wdm security

2001-05-25 Thread Steve
Ed == Ed Street [EMAIL PROTECTED] writes: Hello, If memory serves me correctly there's a line in /etc/X11 that you can add/modify to tell it to NOT listen. startx -- -nolisten tcp will have the effect. However, there doesn't seem to be a global setting that will enforce it system-wide,

wdm security

2001-05-24 Thread Juha Jäykkä
I am a little concerned about XFree86+wdm keeping a bunch of processes listening on port 32768. (wdm is the windowmaker xdm replacement.) According to lsof -i TCP, there are a number of processes listening on the port. When using X, I accept the obvious port 6000 being open for inbound

Re: wdm security

2001-05-24 Thread Noah L. Meyerhans
On Thu, May 24, 2001 at 01:53:46PM +0300, Juha Jäykkä wrote: I am a little concerned about XFree86+wdm keeping a bunch of processes listening on port 32768. (wdm is the windowmaker xdm Hi. I am the wdm maintainer for Debian. I haven't been maintaining this package for too long, and I'm not

RE: wdm security

2001-05-24 Thread Ed Street
Hello, If memory serves me correctly there's a line in /etc/X11 that you can add/modify to tell it to NOT listen. Ed -Original Message- From: Noah L. Meyerhans [mailto:[EMAIL PROTECTED] Sent: Thursday, May 24, 2001 10:47 AM To: Debian Security List Subject: Re: wdm security On Thu