Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: None <>
From: John Kohl <>
List: tech-x11
Date: 07/24/2000 14:25:26
>>>>> "Perry" == Perry E Metzger <> writes:

Perry> Thor Lancelot Simon <> writes:
>> An issue to be aware of that trips up many folks running X carefully is
>> that this doesn't prevent *xdm* from listening to the network, allowing
>> anyone who runs X -query to talk to the XDM on and
>> attempt to exploit any vulnerabilities it may have.

Perry> True enough. Perhaps we need to write (and contribute back) a similar
Perry> hack for xdm. In virtually every setup, xdm does not need to talk to
Perry> the network -- the ones where it is useful are rare in our context.

No need for any coding work, I think.  You just need to remove the
chooser stuff from /usr/X11R6/lib/X11/xdm/Xaccess (comment out the
CHOOSER BROADCAST and "any host can get a login window" lines).

Well, maybe making it not listen at all would be even better, but the
above step is IMHO something we should do in every future release.
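
As an added illustration (not part of the original message, and not NetBSD's or xdm's own code), the following shell function audits an Xaccess file for the two wildcard entries named above. The sample files are constructed, and the check covers the access file only, not whether xdm still listens on the network.

```sh
#!/bin/sh
# Added example: audit an xdm Xaccess file for active wildcard entries.
# Limits: backslash continuations and %macro definitions are not expanded.

# Print each active entry whose host pattern is a bare "*"; return 1 if any.
audit_xaccess() {
    awk '
        { sub(/#.*/, "") }                 # drop comments, including trailing ones
        NF == 0 { next }                   # blank or fully commented out
        $1 == "*" && NF == 1 {             # direct/broadcast query from anywhere
            printf "%d: any host can get a login window\n", NR; bad = 1; next
        }
        $1 == "*" && $2 == "CHOOSER" {     # indirect query answered with a chooser
            printf "%d: any host can get a chooser (%s)\n", NR, $3; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample modelled on the stock file's two wildcard lines.
write_stock_sample() {
    cat > "$1" <<'EOF'
# Xaccess (constructed sample)
*                       #any host can get a login window
*       CHOOSER BROADCAST       #any indirect host can get a chooser
EOF
}

# The same sample after the change described in the message.
write_hardened_sample() {
    cat > "$1" <<'EOF'
# Xaccess (constructed sample)
#*                      #any host can get a login window
#*      CHOOSER BROADCAST       #any indirect host can get a chooser
EOF
}

demo_dir=$(mktemp -d)
write_stock_sample "$demo_dir/stock"
write_hardened_sample "$demo_dir/hardened"
for f in "$demo_dir/stock" "$demo_dir/hardened"; do
    if audit_xaccess "$f"; then echo "$f: no wildcard entries active"
    else echo "$f: wildcard entries still active"; fi
done
rm -rf "$demo_dir"
```

On a real system the function would be pointed at /usr/X11R6/lib/X11/xdm/Xaccess.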

