Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: None <lukem@cs.rmit.edu.au>
From: RJ Atkinson <rja@inet.org>
List: tech-security
Date: 07/26/2000 11:37:13
  by mail.netbsd.org with SMTP; 26 Jul 2000 15:42:06 -0000
	by inner.net (8.7.6/8.9.3) with ESMTP id PAA24329;
	Wed, 26 Jul 2000 15:36:40 GMT
Message-Id: <4.2.0.58.20000726113454.00999a10@avarice.inner.net>
Date: Wed, 26 Jul 2000 11:37:13 -0400
To: lukem@cs.rmit.edu.au
From: RJ Atkinson <rja@inet.org>
Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16 
Cc: "Perry E. Metzger" <perry@wasabisystems.com>, tech-x11@netbsd.org,
        tech-security@netbsd.org
In-Reply-To: <200007260520.PAA15096@wombat.cs.rmit.edu.au>
References: <Your message of "24 Jul 2000 13:40:13 -0400 " <87bsznh1fm.fsf@snark.piermont.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

At 01:20 26/07/00 , Luke Mewburn wrote:

>Except where NetBSD boxes are used as central login servers and you have
>X-terminals xdm-ing off them...

These exist, but they are uncommon enough (as a % of installed base)
that folks doing that could reasonably be expected to reconfigure
their X11 installation to enable that capability. 

>But as people mentioned earlier, just disable the remote login support
>in the xdm Xaccess config file if you don't need X-terminal support...

I'd say that this ought to be disabled in the default shipping
configuration.  Maybe there could be a README.netbsd file in the
/usr/X11/ directory with notes on how the NetBSD defaults might
vary from XFree86 defaults and where the config files/knobs exist ?

Ran
rja@inet.org