Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: Perry E. Metzger <perry@wasabisystems.com>
From: RJ Atkinson <rja@inet.org>
List: tech-security
Date: 07/24/2000 10:59:00
Message-Id: <4.2.0.58.20000724105622.00990ed0@avarice.inner.net>
Cc: hubert.feyrer@informatik.fh-regensburg.de, tech-x11@netbsd.org,
        tech-security@netbsd.org
In-Reply-To: <87wviblh2p.fsf@snark.piermont.com>
References: <Hubert Feyrer's message of "Fri, 21 Jul 2000 03:16:47 +0200 (MET DST)">
 <Pine.GSO.4.10.10007210313510.11355-100000@rfhpc8320.fh-regensburg.de>

At 10:48 24/07/00 , Perry E. Metzger wrote:

>BTW, some years ago my company contributed a patch to the X folks that
>allows you to run X without having it listen to the network at all --
>see the --nolisten tcp option. I've run all my X servers this way ever
>since.
>
>I highly recommend that people run their X systems this way. It
>eliminates a whole host of worries about security. Sure, someone could
>still break root on your machine locally, but for things like single
>user workstations, it eliminates the entire worry about X being
>insecure over the wire.
>
>I almost think we should make this the shipped default for NetBSD but
>it would break a few people.

         Nonetheless, I think it would make a quite reasonable
default for all *BSDs, perhaps even for XFree86 in general.
The number of folks who want remote access is smaller than those
who don't need it, I'd guess.  In any event, I believe in systems
that ship secure by default.

         If undertaken, it is important that this choice/change
is clearly documented and that any clues needed to run an
X server without that option are also well documented.

Ran
rja@inet.org
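An added example, not part of this thread and not Perry's XFree86 patch: a small POSIX shell check a practitioner would run after adopting the no-TCP default, to confirm the server really is not bound to the network. It assumes the standard X convention that display :N listens on TCP port 6000+N, and it parses "netstat -an" output in either the BSD ("*.6000") or Linux ("0.0.0.0:6000") address form; the two sample listings are constructed. As XFree86 and X.Org parse it, the flag is spelled with a single dash, "-nolisten tcp", and is handed to the server after "--" by startx or xinit.

```shell
#!/bin/sh
# Added example (not from the original thread): verify that an X server is
# not reachable over TCP. An X server on display :N that was started without
# "-nolisten tcp" binds TCP port 6000+N; the check below looks for that
# listening socket in "netstat -an" style output (use -n so the port is not
# shown as the service name "x11").

# Map a DISPLAY value such as ":0.0", ":1" or "host:2.0" to its display number.
display_number() {
    d="${1:-:0}"          # default to :0 when DISPLAY is unset
    d="${d##*:}"          # drop the host part
    echo "${d%%.*}"       # drop the screen part
}

# TCP port used by X display number $1 (X convention: 6000 + display).
x_tcp_port() {
    echo $((6000 + $1))
}

# Read a "netstat -an" listing (BSD "*.6000" or Linux "0.0.0.0:6000" form) on
# stdin; succeed (exit 0) if some socket is LISTENing on the X port for
# display number $1, fail (exit 1) otherwise.
x_listening_tcp() {
    port=$(x_tcp_port "$1")
    awk -v p="$port" '$NF == "LISTEN" && $4 ~ ("[.:]" p "$") { found = 1 }
                      END { exit found ? 0 : 1 }'
}

# Constructed sample listings standing in for: netstat -an -f inet
SAMPLE_OPEN='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  *.6000                 *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN'

SAMPLE_CLOSED='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  *.22                   *.*                    LISTEN'

# Report on display $1 (a DISPLAY-style value), reading the listing on stdin.
# Returns 1 when the display is exposed on TCP, 0 when it is not.
# Live usage:  netstat -an -f inet | ./xcheck.sh  (with check_display "$DISPLAY")
check_display() {
    n=$(display_number "$1")
    if x_listening_tcp "$n"; then
        echo "display :$n is listening on TCP port $(x_tcp_port "$n");" \
             "restart it with: startx -- -nolisten tcp"
        return 1
    fi
    echo "display :$n is not listening on TCP"
    return 0
}

# Demonstration on the constructed listings:
printf '%s\n' "$SAMPLE_OPEN"   | check_display :0 || true   # exposed
printf '%s\n' "$SAMPLE_CLOSED" | check_display :0           # closed
```

The check only covers the TCP listener, which is exactly what -nolisten tcp removes; the Unix-domain socket under /tmp/.X11-unix stays, so local clients (and a local root compromise, as Perry notes) are unaffected and the usual xauth cookie controls still apply.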