Subject: Re: X server security question
To: None <>
From: Matthieu Herrb <>
List: tech-security
Date: 04/23/2001 22:05:46
You wrote (in your message from Monday 23)
 > Is there any way of having a X server on a machine without having an
 > open port on 6000/tcp? I'd like to bind the server only to localhost,
 > not to all available interfaces, but I don't see any options for the X
 > server that could help doing this. Did I missed something? 

You missed the Xserver(1) manual page. 
X -nolisten tcp will do what you want. 
 > And is it possible to use UNIX domain sockets for communicating between
 > X clients and the X server? Again, I saw nothing in the documentation
 > about this.

A DISPLAY setting of :0 or :0.0 (or :1) will use a Unix domain socket
(in /tmp/.X11-unix). Moreover, on BSD systems Xlib uses a Unix domain
socket automatically if it detect that the IP address of the client
and the server are the same.