Subject: Re: Weekly BSD Security Digest 2000/07/10 to 2000/07/16
To: Perry E. Metzger <perry@wasabisystems.com>
From: Luke Mewburn <lukem@cs.rmit.edu.au>
List: tech-x11
Date: 07/26/2000 15:20:48

"Perry E. Metzger" writes:
> 
> Thor Lancelot Simon <tls@rek.tjls.com> writes:
> > An issue to be aware of that trips up many folks running X carefully is
> > that this doesn't prevent *xdm* from listening to the network, allowing
> > anyone who runs X -query foo.bar.com to talk to the XDM on foo.bar.com and
> > attempt to exploit any vulnerabilities it may have.
> 
> True enough. Perhaps we need to write (and contribute back) a similar
> hack for xdm. In virtually every setup, xdm does not need to talk to
> the network -- the ones where it is useful are rare in our context.

Except where NetBSD boxes are used as central login servers and you have
X-terminals xdm-ing off them...

But as people mentioned earlier, just disable the remote login support
in the xdm Xaccess config file if you don't need X-terminal support...
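
An added example, not part of the original message or of xdm itself: a small audit of an Xaccess file that lists every entry still granting XDMCP service to remote displays, which is the check to run after following the advice above. It assumes the entry syntax described in the xdm manual page (direct, indirect, `!` exclusion, `%` macro and `LISTEN` lines); the function names and the sample file contents are constructed for illustration.

```python
# Added example: find Xaccess entries that admit remote XDMCP queries.
# SAMPLE_XACCESS is constructed for illustration, not taken from a real host.
SAMPLE_XACCESS = """\
*                          # any host may get a login window
!badterm.example.org
xterm1.example.org NOBROADCAST
%HOSTS  a.example.org b.example.org
*.lab.example.org  %HOSTS
*       CHOOSER BROADCAST
"""

def logical_lines(text):
    """Strip '#' comments, join backslash continuations, drop blank lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line = (pending + line).strip()
        pending = ""
        if line:
            yield line

def classify(line):
    """Return (kind, subject) for one logical Xaccess line."""
    fields = line.split()
    head, rest = fields[0], fields[1:]
    if head.startswith("%"):
        return ("macro", head)          # macro definition, grants nothing itself
    if head == "LISTEN":
        return ("listen", " ".join(rest))
    if head.startswith("!"):
        return ("deny", head[1:])       # explicit exclusion
    if not rest or rest == ["NOBROADCAST"]:
        return ("direct", head)         # host/pattern may request a login window
    return ("indirect", head)           # host/pattern is forwarded or given a chooser

def audit(text):
    """Return the entries that let a remote display obtain XDMCP service."""
    return [(kind, who) for kind, who in map(classify, logical_lines(text))
            if kind in ("direct", "indirect")]

if __name__ == "__main__":
    for kind, who in audit(SAMPLE_XACCESS):
        print(f"{kind:8} access granted to {who}")
```

An empty result means no Xaccess entry grants XDMCP service; the UDP port xdm uses for XDMCP is set separately by the `DisplayManager.requestPort` resource in xdm-config.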