On Fri, May 14, 2004 at 03:38:58PM -0400, Jeremy Brown wrote:
> Tom 'Needs A Hat' Mitchell wrote:
> >On Thu, May 13, 2004 at 10:32:27AM -0400, Jay Daniels wrote:
> > ....
> >Not really. X-Windows uses networking.
> >
> >However X is happy to use only the 127.0.0 localhost (loopback)
> >network and does not need to connect to or accept connections
> >from networks to the outside world.
> >
> >
> Not to nitpick, but we just had a thread about this. X11 mostly uses
> UNIX domain sockets for local communication (file-based, they reside in
> "/tmp" if you're curious). TCP-based communication (i.e. "using ports")
> is disabled by default in Fedora.

Nitpicking is good. I learned some stuff in this discussion.

When the client is using DISPLAY set thus:

    $ echo $DISPLAY
    :1.0

I see "socket(PF_UNIX, SOCK_STREAM, 0)" in the system call trace of a
client. (PF_UNIX, PF_LOCAL Local communication)

and when the client is using DISPLAY set thus:

    $ echo $DISPLAY
    localhost:1.0

I see "socket(PF_INET, SOCK_STREAM, IPPROTO_IP)" in the system call
trace of a client (PF_INET IPv4 Internet protocols). And this does fail unless I tell

and when I ssh in I see DISPLAY set thus:

    $ echo $DISPLAY
    localhost:11.0

I see "socket(PF_INET, SOCK_STREAM, IPPROTO_IP)"....

So I stand corrected -- while all the communications are done with
sockets, local communication need not use TCP any more.

By tinkering with /etc/X11/gdm/gdm.conf

    $ diff gdm*
    162d161
    > DisallowTCP=false

remote access ports will be opened by gdm that can then in turn
be blocked by packet/port filters.

Other window managers (there are lots) may act or be configured
differently.

--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
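
The following is an added example, not part of the original post: it maps the three DISPLAY values shown above to the transport a client will use, and audits /proc/net/tcp content for X11 TCP listeners of the kind DisallowTCP=false opens. It assumes the conventional /tmp/.X11-unix/X<n> socket path, TCP port 6000 + display number, and a little-endian Linux host; the /proc/net/tcp sample is constructed.

```python
import re
import socket
import struct

X11_BASE_PORT = 6000               # display N uses TCP port 6000+N (assumed convention)
X11_SOCKET_DIR = "/tmp/.X11-unix"  # assumed location of the UNIX domain sockets

# Constructed /proc/net/tcp sample: 0.0.0.0:6001 and 127.0.0.1:6011 listening,
# sshd on port 22, and one established (non-listening) connection on 6001.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1771 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:177B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0100007F:1771 0100007F:8F3C 01 00000000:00000000 00:00000000 00000000   500        0 1004
"""

def display_transport(display):
    """Map a DISPLAY string ([host]:display[.screen]) to the client's transport."""
    m = re.fullmatch(r"(?P<host>[^:]*):(?P<num>\d+)(?:\.\d+)?", display)
    if not m:
        raise ValueError(f"unparseable DISPLAY: {display!r}")
    num = int(m["num"])
    if m["host"] in ("", "unix"):  # no host part: PF_UNIX socket, no TCP port
        return ("unix", f"{X11_SOCKET_DIR}/X{num}")
    return ("tcp", m["host"], X11_BASE_PORT + num)  # host part: PF_INET

def x11_tcp_listeners(proc_net_tcp, max_display=63):
    """Return (ip, port, display) for LISTEN sockets in the X11 port range."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":    # 0A is the LISTEN state
            continue
        ip_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)
        if X11_BASE_PORT <= port <= X11_BASE_PORT + max_display:
            ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
            found.append((ip, port, port - X11_BASE_PORT))
    return found

if __name__ == "__main__":
    for d in (":1.0", "localhost:1.0", "localhost:11.0"):
        print(f"DISPLAY={d!r:18} -> {display_transport(d)}")
    for ip, port, n in x11_tcp_listeners(SAMPLE):
        scope = "loopback only" if ip.startswith("127.") else "all interfaces, filter or disable"
        print(f"display :{n} listening on {ip}:{port} ({scope})")
```

On a live system, pass the contents of /proc/net/tcp instead of SAMPLE; a listener bound to 0.0.0.0 in this range is the one to block with a packet filter or turn off again in the display manager configuration.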