[Techtalk] Security Issue:disallowing external access to X windows
Julie
jockgrrl at austin.rr.com
Thu Sep 13 19:52:53 EST 2001
Jeff Dike wrote:
>
> rstarceski at redcreek.com said:
> > I have my ipchains rule setup to disallow external access to X
> > windows. In this system we only want X to be run on the console.
>
> Are you disallowing the running of X clients on the system that display on
> other machines, or disallowing the display of remote X clients on the local
> X server?
>
> Preventing other machines from displaying on your server can be done by
> preventing the server from using TCP as already mentioned.
>
> If you don't want your X clients displaying to other machines, that sounds
> a bit trickier. I have a hazy recollection that logging in on a certain
> terminal (such as the console) could give you membership in a specific group.
> If this is so, then you could make all the X clients (or maybe the X libraries)
> executable by only members of that group. This would effectively prevent
> anyone not logged in on the console from running X apps remotely.
... unless the person knows how to use the "ftp" or "cp" commands.
In which case they just bring their own binaries with them.
My ipchains rule firewalls ports 6000 thru some other number (which
is bigger than need be) on my external, cable-modem connected,
interface.
ipchains is easy to use and your friend ;-)
--
Julianne Frances Haugh Life is either a daring adventure
jockgrrl at austin.rr.com or nothing at all.
-- Helen Keller
More information about the Techtalk
mailing list