Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: None <tls@rek.tjls.com>
From: Perry E. Metzger <perry@wasabisystems.com>
List: tech-security
Date: 07/24/2000 13:40:13
Cc: tech-x11@netbsd.org, tech-security@netbsd.org
References: <Pine.GSO.4.10.10007210313510.11355-100000@rfhpc8320.fh-regensburg.de> <87wviblh2p.fsf@snark.piermont.com> <20000724132719.A28893@rek.tjls.com>
Date: 24 Jul 2000 13:40:13 -0400
In-Reply-To: Thor Lancelot Simon's message of "Mon, 24 Jul 2000 13:27:19 -0400"
Message-ID: <87bsznh1fm.fsf@snark.piermont.com>
Lines: 15


Thor Lancelot Simon <tls@rek.tjls.com> writes:
> An issue to be aware of that trips up many folks running X carefully is
> that this doesn't prevent *xdm* from listening to the network, allowing
> anyone who runs X -query foo.bar.com to talk to the XDM on foo.bar.com and
> attempt to exploit any vulnerabilities it may have.

True enough. Perhaps we need to write (and contribute back) a similar
hack for xdm. In virtually every setup, xdm does not need to talk to
the network -- the ones where it is useful are rare in our context.

--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD Sales, Support & Service. http://www.wasabisystems.com/