security, cvs, was Re: interface bindings of x-server
Keith Whitwell
keith@tungstengraphics.com
Wed Nov 19 08:15:00 GMT 2003
Keith Packard wrote:
> Around 2 o'clock on Nov 19, "roland@webde" wrote:
>
>
>>Keith, could you put this (being able to specify the interface bindings of
>>the xserver on the commandline) as a feature request on http://
>>www.freedesktop.org/Software/XserverWishlist if you find this feature
>>request useful ? i registerd a wiki account, but logging in doesn`t seem to
>>work for me.
>
>
> I'd like to switch the server so that -nolisten tcp is the default; I
> don't see much sense in having it listen to even 127.0.0.1. But, if you
> wanted to make the list of IP addresses that the server bound to
> configurable, that seems like a good idea.
Yep - network transparency is all well & good, but do you really want
something as complex as the X server sitting there with an open port to the world?
On a related issue, does anyone understand what the actual flaw in pserver CVS
is that allowed the linux backdoor attempt? There's been a lot of talk about
the implications of the attempt, but I haven't heard anyone come out and say
"This is the fault in CVS, here's a patch, everything's ok now".
Is it foolhardy to continue running anoncvs, especially without the checks &
balances which caught the backdoor attempt in linux?
Keith
More information about the Cygwin-xfree
mailing list