Re: Several questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Bill Anderson wrote:

On Mon, 2003-11-03 at 16:08, Wade Hampton wrote:


Satish Balay wrote:


If GDM was listening for remote connections it would be on port 177, but since
by default it doesn't do that, this isn't your issue.

Port 6000 is (by default) the port that the first X display will listen to for incomming
connections.

...


On RH 8, I added DisallowTCP=true to the gdm.conf file and it worked.
I have tried in my gdm.conf file [security] section as described in
http://www.jirka.org/gdm-documentation/x227.html

When I restart gdm or when I reboot, port 6000 is still open (nmap -s T <ip address>).

I hope it is fixed in Fedora (of course, I hope the docs also describe how to open it
back up for those that don't know this option).



Wade, please reread the post. GDM is NOT listening on 6000, so your
changes to gdm.conf will NOT affect that. It is not a bug, you are
looking at the wrong software.


Thanks. I know that GDM is not the one doing the listening. GDM starts the X server and when doing so has to pass
"-nolisten tcp" to the X server to tell the it to not open port 6000.
On my box at home (runlevel 3), I have a runx script that starts X with
-nolisten tcp added to the command line. According to the GDM site,
the DisallowTCP option passes this option to the X server so it would
control port 6000 (not port 177, which would be controlled by the XDCMP
options). 

See:  http://www.jirka.org/gdm-documentation/x227.html

Snips below:


     Security Options

*[security]*

-snip-

DisallowTCP

DisallowTCP=true

   If true, then always append -nolisten tcp to the command line of
   local X servers, thus disallowing TCP connection. This is useful if
   you do not care for allowing remote connections, since the X
   protocol could really be potentially a security hazard to leave
   open, even though no known security problems exist.

-snip-


     XDCMP Support

*[xdmcp]*

-snip-

Enable

Enable=false

   Setting this to true enables XDMCP support allowing remote
   displays/X terminals to be managed by GDM.

   gdm listens for requests on UDP port 177. See the Port option for
   more information.

Reread the post from Ben Russo, it contains your answers (despite the
goof on xhost+, don't do that).


Know about xhost+ :). 

Back to the original question.  Is there a simple way to set the box so
that when I log in, X is not listening on port 6000?

Thanks,
--
Wade Hampton





[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux