exporting display to Fedora box
Andy Green
fedora at warmcat.com
Mon Nov 10 21:20:32 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 10 November 2003 20:56, Kerry Cox wrote:
> on box B or Fedora so it would accept incoming X connections.
> Just curious why this would be so.
[agreen at fastcat agreen]$ ps -Af | grep X
root 4081 4080 1 Oct30 ? 03:30:04 /usr/X11R6/bin/X :0 -audit 0
- -auth /var/gdm/:0.Xauth -nolisten tcp vt7
That -nolisten tcp is there by default to stop evil people touching your X
session (which is apparently very rapidly equivalent to "becoming root").
Hm
[agreen at fastcat agreen]$ grep nolisten /etc/X11/* -R
/etc/X11/gdm/factory-gdm.conf:# If true this will basically append -nolisten
tcp to every X command line,
/etc/X11/gdm/factory-gdm.conf:# not add a "-nolisten tcp", as then the query
just wouldn't work, so
/etc/X11/gdm/gdm.conf:# If true this will basically append -nolisten tcp to
every X command line,
/etc/X11/gdm/gdm.conf:# not add a "-nolisten tcp", as then the query just
wouldn't work, so
[agreen at fastcat agreen]$ vi /etc/X11/gdm/gdm.conf
# If true this will basically append -nolisten tcp to every X command line,
# a good default to have (why is this a "negative" setting? because if
# it is false, you could still not allow it by setting command line of
# any particular server). It's probably better to ship with this on
# since most users will not need this and it's more of a security risk
# then anything else.
# Note: Anytime we find a -query or -indirect on the command line we do
# not add a "-nolisten tcp", as then the query just wouldn't work, so
# this setting only affects truly local sessions.
#DisallowTCP=true
so its off in there... don't know where its added then, you'll have to grep
around.
- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/sAEgjKeDCxMJCTIRAngSAJ4w/HWvom4helWIp8LMsqWsRFG4jgCfaNbs
q3mpO14UJVpBkMIxvUrYW+Q=
=ms/V
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list