Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: Perry E. Metzger <perry@wasabisystems.com>
From: RJ Atkinson <rja@inet.org>
List: tech-x11
Date: 07/24/2000 10:59:00
At 10:48 24/07/00, Perry E. Metzger wrote:

>BTW, some years ago my company contributed a patch to the X folks that
>allows you to run X without having it listen to the network at all --
>see the --nolisten tcp option. I've run all my X servers this way ever
>since.
>
>I highly recommend that people run their X systems this way. It
>eliminates a whole host of worries about security. Sure, someone could
>still break root on your machine locally, but for things like single
>user workstations, it eliminates the entire worry about X being
>insecure over the wire.
>
>I almost think we should make this the shipped default for NetBSD but
>it would break a few people.

         Nonetheless, I think it would make a quite reasonable
default for all *BSDs, perhaps even for XFree86 in general.
The number of folks who want remote access is smaller than those
who don't need it, I'd guess.  In any event, I believe in systems
that ship secure by default.

         If undertaken, it is important that this choice/change
is clearly documented and that any clues needed to run an
X server without that option are also well documented.

Ran
rja@inet.org