Securing X

Edward Glowacki glowack2@msu.edu
Fri, 24 Aug 2001 11:22:46 -0400


Today's security tip (gathered from the depths of some Google searches!):

To prevent X from opening up a TCP port, edit 'startx' and add
"-nolisten tcp" to serverargs, or run 'startx -- -nolisten tcp'.

If you're not using the startx script, the important part is to
pass X the '-nolisten tcp' option, so however you *do* start X,
make the change there... =)

BTW, if you have X11 forwarding enabled in SSH, you can still
run applications through the tunnel, it works fine... =)

One more socket closed on my box...

-- 
Edward Glowacki			glowack2@msu.edu
Michigan State University	
"...a partial solution to the right problem is better than a complete
solution to the wrong one." (http://uiweb.com/issues/issue14.htm)