X over the network
Doug Stewart
dstewart at atl.lmco.com
Wed Dec 3 15:30:08 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gordon Messmer wrote:
~ > ... People really shouldn't be suggesting that users turn X tcp support
| on without noting that doing so is very insecure. X runs as the root
| user, and opening a TCP port may make the computer very susceptible to
| exploits.
|
| Unless your machine is on a secure and trusted network, use ssh's X11
| forwarding to run X11 applications remotely.
|
Absolutely. I thought that the security aspect was covered in that
thread, but I could very well be mistaken.
If you ARE running this machine on a corporate or home LAN that is
firewalled/NAT'ed off from the 'Net, then you could probably get away
with it.
Still, if you run Bastille against it, I imagine it would point it out
as a security vulnerability (don't know if this is the case, since I
haven't run Bastille on Fedora yet. Anyone?)
- --
- ----------
Doug Stewart
Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs
Quidquid latine dictum sit, altum viditur
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/zgGAN50Q8DVvcvkRAiQdAJkBWffiMT16GX2beJMrtiwrHVwiCQCeKMHV
qIHMiCvQMV7I0JKGhT+hfa0=
=UTkF
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list