Hi,

On 09/12/2014 08:40 PM, Keith Packard wrote:
> Hans de Goede <[email protected]> writes:
>
>> This patch fixes this, I realize that this is a behavior change, and as such
>> may be a bit controversial, but I really believe that in this day and age
>> "-nolisten tcp" by default is the right thing to do.
>
> I've posted patches to Xtrans and the X server that disable tcp and unix
> listener ports by default while providing a '-listen' command line
> option to re-enable them. Missing from these patches are a version bump
> to Xtrans and the associated version check in the X server. If the
> general form of these patches is acceptable, I'd bump the Xtrans
> version, do a release, and then make the X server depend on that.
>
> The 'unix' listener port uses a non-abstract socket, /tmp/.X11-unix/X0,
> which is subject to various security threats, and which xcb and Xlib
> don't use anymore.

I was afraid that people would consider your solution too big a hammer,
but since it seems that that is not the case I'm all in favor of this change.

Also +1 for dropping /tmp/.X11-unix/X* on Linux.

Question, could we somehow also get rid of /tmp/.X*-lock? If we drop
/tmp/.X11-unix/X* that would be another step to getting rid of things
expected to be in a global /tmp namespace, which breaks having a private
per user /tmp dir.

Regards,

Hans
