Hubert Feyrer <feyrer@rfhs8012.fh-regensburg.de> writes:
> The Weekly BSD Security Digest 2000/07/10 to 2000/07/16
> (http://www.securityportal.com/topnews/weekly/bsd20000717.html) mentions
> some X holes in viarous parts of X: libICE, X server, libX11.  
> 
> Are we affected by these?

BTW, some years ago my company contributed a patch to the X folks that
allows you to run X without having it listen to the network at all --
see the --nolisten tcp option. I've run all my X servers this way ever
since.

I highly recommend that people run their X systems this way. It
eliminates a whole host of worries about security. Sure, someone could
still break root on your machine locally, but for things like single
user workstations, it eliminates the entire worry about X being
insecure over the wire.

I almost think we should make this the shipped default for NetBSD but
it would break a few people.

--
Perry E. Metzger		perry@wasabisystems.com
--
Quality NetBSD Sales, Support & Service. http://www.wasabisystems.com/