[Techtalk] Security Issue: disallowing external access to X windows
Julie
jockgrrl at austin.rr.com
Fri Sep 14 01:49:33 EST 2001
Andrew Wendt wrote:
>
> On September 13, 2001 20:52, Julie wrote:
> > ... unless the person knows how to use the "ftp" or "cp" commands.
> > In which case they just bring their own binaries with them.
> >
> > My ipchains rule firewalls ports 6000 thru some other number (which
> > is bigger than need be) on my external, cable-modem connected,
> > interface.
>
> Are you sure about "bigger than need be"? My X binaries allow me to use any
> port higher than 6000 by specifying a higher display number.

Right, but you have to be able to connect to a server which is
listening on that port. There is only one server on this machine
and it only listens on port 6000. That's all I care about.

> Even then, if you're worried about people bringing binaries with them, they
> could compile special binaries that connect to any port they want. So I don't
> think ipchains really does much to stop outgoing X client connections if you
> don't trust your users.

When my 8 1/2 year old figures out how to compile his own special
binaries, =then= I'll worry. About a lot of things!

> I don't see why you'd want to stop outgoing X clients though. You'd have to
> be able to stop any unprivileged program that opens a TCP connection to send
> and receive data... in the end that's all an X program is doing.

Oh, there's a lot of things I want to be able to do ;-)
--
Julianne Frances Haugh
jockgrrl at austin.rr.com

Life is either a daring adventure or nothing at all.
    -- Helen Keller
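
Added example, not part of the original thread: the exchange above turns on which X servers are actually listening (TCP port 6000 plus the display number), so this sketch lists X11 listeners from data in Linux /proc/net/tcp format and marks the ones bound to a non-loopback address. The sample table is constructed, and the 6000-6063 range, the little-endian host and the function names are assumptions.

```python
import socket
import struct

X11_BASE = 6000        # display :N listens on TCP port 6000 + N
X11_MAX_DISPLAY = 63   # assumption: upper bound of the range worth checking
TCP_LISTEN = "0A"      # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:1771 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00000A:1770 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004
"""


def decode_addr(hex_addr):
    """Convert the hex IPv4 field to dotted quad (little-endian host assumed)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def x11_listeners(proc_net_tcp):
    """Return (display, address, port, exposed) for each listening X11 port."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                                # ignore non-listening sockets
        hex_ip, hex_port = fields[1].split(":")
        port = int(hex_port, 16)
        if X11_BASE <= port <= X11_BASE + X11_MAX_DISPLAY:
            ip = decode_addr(hex_ip)
            exposed = not ip.startswith("127.")     # reachable beyond loopback
            found.append((port - X11_BASE, ip, port, exposed))
    return found


if __name__ == "__main__":
    for display, ip, port, exposed in x11_listeners(SAMPLE):
        note = "needs a firewall rule" if exposed else "loopback only"
        print(f"display :{display} on {ip}:{port} ({note})")
```

On a live Linux host, pass the contents of /proc/net/tcp to `x11_listeners` instead of `SAMPLE`.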