-   Slackware (
-   -   disabling xhost & xauth (

Smokey 06-30-2005 01:29 AM

disabling xhost & xauth
How can I disable or reject any requests for xhost, xauth? From what I understand an attacker can simply login if I have an ip address. But I do not do that, I don't even use x11 forwarding, I just want to lock this down so there is no way possible anyone can use xhost or manipulate xauth?

uselpa 06-30-2005 03:22 PM

From :

If you run X, disable xhost authentication and go with ssh instead; better yet, disable remote X if you can (add -nolisten tcp to the X command line and turn off XDMCP in /etc/X11/xdm/xdm-config by setting the requestPort to 0)

Smokey 06-30-2005 04:52 PM


! $Xorg: xdm-conf.cpp,v 1.3 2000/08/17 19:54:17 cpqbld Exp $
! $XFree86: xc/programs/xdm/config/xdm-conf.cpp,v 1.10 2002/11/30 19:11:32 herrb Exp $
DisplayManager.errorLogFile:        /var/log/xdm.log
DisplayManager.pidFile:                /var/run/
DisplayManager.keyFile:                /usr/X11R6/lib/X11/xdm/xdm-keys
DisplayManager.servers:                /usr/X11R6/lib/X11/xdm/Xservers
DisplayManager.accessFile:        /usr/X11R6/lib/X11/xdm/Xaccess
DisplayManager.willing:                su nobody -c /usr/X11R6/lib/X11/xdm/Xwilling
! All displays should use authorization, but we cannot be sure
! X terminals may not be configured that way, so they will require
! individual resource settings.
DisplayManager*authorize:        true
! The following three resources set up display :0 as the console.
DisplayManager._0.setup:        /usr/X11R6/lib/X11/xdm/Xsetup_0
DisplayManager._0.startup:        /usr/X11R6/lib/X11/xdm/GiveConsole
DisplayManager._0.reset:        /usr/X11R6/lib/X11/xdm/TakeConsole
DisplayManager*chooser:                /usr/X11R6/lib/X11/xdm/chooser
DisplayManager*resources:        /usr/X11R6/lib/X11/xdm/Xresources
DisplayManager*session:                /usr/X11R6/lib/X11/xdm/Xsession
DisplayManager*authComplain:        true

! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
DisplayManager.requestPort:        0

Looks like it is already set to Port zero?

uselpa 06-30-2005 05:02 PM

Yes. The documentation I quoted was for Debian, so in Slackware the config might be different.
Also have a look at /usr/X11R6/bin/startx for the other point.

Of course, you could always block incoming connections with iptables, that's what I did.

All times are GMT -5. The time now is 10:18 AM.