Bill Anderson wrote:
On Mon, 2003-11-03 at 16:08, Wade Hampton wrote:
Satish Balay wrote:
...
If GDM was listening for remote connections it would be on port 177, but since
by default it doesn't do that, this isn't your issue.
Port 6000 is (by default) the port that the first X display will listen to for incoming
connections.
On RH 8, I added DisallowTCP=true to the gdm.conf file and it worked. I have tried in my gdm.conf file [security] section as described in http://www.jirka.org/gdm-documentation/x227.html
When I restart gdm or when I reboot, port 6000 is still open (nmap -sT <ip address>).
I hope it is fixed in Fedora (of course, I hope the docs also describe how to open it
back up for those that don't know this option).
Wade, please reread the post. GDM is NOT listening on 6000, so your
changes to gdm.conf will NOT affect that. It is not a bug, you are
looking at the wrong software.
Thanks. I know that GDM is not the one doing the listening. GDM starts the X server and when doing so has to pass
"-nolisten tcp" to the X server to tell it to not open port 6000.
On my box at home (runlevel 3), I have a runx script that starts X with
-nolisten tcp added to the command line. According to the GDM site,
the DisallowTCP option passes this option to the X server so it would
control port 6000 (not port 177, which would be controlled by the XDMCP
options).
See: http://www.jirka.org/gdm-documentation/x227.html
Snips below:
Security Options
*[security]*
-snip-
DisallowTCP
DisallowTCP=true
If true, then always append -nolisten tcp to the command line of local X servers, thus disallowing TCP connection. This is useful if you do not care for allowing remote connections, since the X protocol could really be potentially a security hazard to leave open, even though no known security problems exist.
-snip-
XDMCP Support
*[xdmcp]*
-snip-
Enable
Enable=false
Setting this to true enables XDMCP support allowing remote displays/X terminals to be managed by GDM.
gdm listens for requests on UDP port 177. See the Port option for more information.
Reread the post from Ben Russo, it contains your answers (despite the
goof on xhost+, don't do that).
Know about xhost+ :).
Back to the original question. Is there a simple way to set the box so that when I log in, X is not listening on port 6000?
Thanks, -- Wade Hampton
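
A check for the situation this thread describes, added here as an example and not part of the original messages: it compares what gdm.conf says, what the X server command line carries, and what the socket table shows. The function names, the sample inputs and the 6000-6063 display range are assumptions made for the example; the socket parsing covers Linux IPv4 `/proc/net/tcp` text only.

```python
import configparser

# Constructed samples, not taken from any machine in the thread.
GDM_CONF = """\
[daemon]
DisallowTCP=true
[security]
AllowRoot=true
[xdmcp]
Enable=false
"""
X_ARGV = ["/usr/X11R6/bin/X", ":0", "-auth", "/var/gdm/:0.Xauth", "vt7"]
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:1770 00000000:0000 0A 00000000:00000000
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000
   2: 0100007F:1770 0100007F:8001 01 00000000:00000000
"""

def disallow_tcp_set(conf_text):
    """True only if DisallowTCP is true inside [security], where the docs put it."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return cp.getboolean("security", "DisallowTCP", fallback=False)

def has_nolisten_tcp(argv):
    """True if the X server command line carries '-nolisten tcp'."""
    return any(a == "-nolisten" and b == "tcp" for a, b in zip(argv, argv[1:]))

def listening_displays(proc_net_tcp):
    """Display numbers with a LISTEN socket on 6000+n (IPv4 /proc/net/tcp text)."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":      # 0A is the LISTEN state
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local port is hex
        if 6000 <= port <= 6063:                      # range width is an assumption
            found.append(port - 6000)
    return sorted(found)

def audit(conf_text, argv, proc_net_tcp):
    """Combine the three views; 'exposed' reflects the socket table, not the config."""
    displays = listening_displays(proc_net_tcp)
    return {"gdm_disallow_tcp": disallow_tcp_set(conf_text),
            "x_nolisten_tcp": has_nolisten_tcp(argv),
            "listening_displays": displays,
            "exposed": bool(displays)}

if __name__ == "__main__":
    print(audit(GDM_CONF, X_ARGV, PROC_NET_TCP))
```

The constructed gdm.conf has the key under the wrong section, so the checker reports it as unset, and the established connection on port 6000 in the last socket row is not counted as a listener.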