[Techtalk] Security Issue:disallowing external access to X windows
Andrew Wendt
awendt at putergeek.com
Thu Sep 13 23:00:58 EST 2001
On September 13, 2001 20:52, Julie wrote:
> ... unless the person knows how to use the "ftp" or "cp" commands.
> In which case they just bring their own binaries with them.
>
> My ipchains rule firewalls ports 6000 thru some other number (which
> is bigger than need be) on my external, cable-modem connected,
> interface.
Are you sure about "bigger than need be"? My X binaries allow me to use any
port higher than 6000 by specifying a higher display number.
Even then, if you're worried about people bringing binaries with them, they
could compile special binaries that connect to any port they want. So I don't
think ipchains really does much to stop outgoing X client connections if you
don't trust your users.
I don't see why you'd want to stop outgoing X clients though. You'd have to
be able to stop any unprivileged program that opens a TCP connection to send
and receive data... in the end that's all an X program is doing.
TTFN
Andy
More information about the Techtalk
mailing list