Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: Perry E. Metzger <perry@wasabisystems.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 07/24/2000 13:27:19
Cc: tech-x11@netbsd.org, tech-security@netbsd.org
Message-ID: <20000724132719.A28893@rek.tjls.com>
Reply-To: tls@rek.tjls.com
References: <Pine.GSO.4.10.10007210313510.11355-100000@rfhpc8320.fh-regensburg.de> <87wviblh2p.fsf@snark.piermont.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <87wviblh2p.fsf@snark.piermont.com>; from perry@wasabisystems.com on Mon, Jul 24, 2000 at 10:48:46AM -0400

On Mon, Jul 24, 2000 at 10:48:46AM -0400, Perry E. Metzger wrote:
> 
> Hubert Feyrer <feyrer@rfhs8012.fh-regensburg.de> writes:
> > The Weekly BSD Security Digest 2000/07/10 to 2000/07/16
> > (http://www.securityportal.com/topnews/weekly/bsd20000717.html) mentions
> > some X holes in various parts of X: libICE, X server, libX11.
> > 
> > Are we affected by these?
> 
> BTW, some years ago my company contributed a patch to the X folks that
> allows you to run X without having it listen to the network at all --
> see the --nolisten tcp option. I've run all my X servers this way ever
> since.

An issue to be aware of that trips up many folks running X carefully is
that this doesn't prevent *xdm* from listening to the network, allowing
anyone who runs X -query foo.bar.com to talk to the XDM on foo.bar.com and
attempt to exploit any vulnerabilities it may have.

Thor
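An added check that is not part of the original thread: it scans `netstat -an`-style output for the two exposures discussed above, an X server reachable on TCP 6000+N and an xdm/XDMCP listener on UDP 177, which the nolisten option does not cover. The sample lines are constructed, the BSD `netstat` column layout is assumed, and `DisplayManager.requestPort` is the standard xdm resource for disabling XDMCP.

```shell
#!/bin/sh
# Added example, not code from the thread: report X11/XDMCP sockets that a
# remote host could reach. Ports are the standard assignments (X display N on
# TCP 6000+N, XDMCP on UDP 177). The sample below is constructed, not captured.

SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  *.6000                 *.*                    LISTEN
udp        0      0  *.177                  *.*
udp        0      0  *.514                  *.*'

# x11_exposure: reads netstat output on stdin, prints one line per exposed
# X11/XDMCP socket. Returns 0 when nothing is exposed, 1 otherwise.
x11_exposure() {
    found=0
    while read -r proto _ _ local _; do
        port=${local##*.}      # BSD netstat joins address and port with '.'
        addr=${local%.*}
        case "$proto" in
            tcp*)
                # X display sockets; a loopback-only bind is not exposed
                if [ "$port" -ge 6000 ] 2>/dev/null && [ "$port" -le 6063 ] \
                   && [ "$addr" != "127.0.0.1" ]; then
                    echo "X server display :$((port - 6000)) on $local (start X with -nolisten tcp)"
                    found=1
                fi ;;
            udp*)
                # XDMCP: what `X -query host` talks to; independent of -nolisten tcp
                if [ "$port" = 177 ]; then
                    echo "XDMCP (xdm) on $local (set DisplayManager.requestPort: 0 in xdm-config)"
                    found=1
                fi ;;
        esac
    done
    return $found
}

printf '%s\n' "$SAMPLE" | x11_exposure || echo "exposed X11/XDMCP sockets found"
```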