View previous topic :: View next topic |
Author |
Message |
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Thu May 16, 2002 8:42 pm Post subject: XFree86 and -nolisten. On or off by default? Discuss. |
|
|
EDIT: This thread was split out from this thread.
jay wrote: | you could even securing this by adding the -nolisten tcp option. |
Actually, any reason why that shouldn't be the default option as part of the XFree86 install? (probably a better issue for Gentoo suggestions -- if this turns into a thread of its own, I'll move it there)
--kurt _________________ The problem with political jokes is that they get elected
Last edited by klieber on Fri May 17, 2002 11:43 am; edited 1 time in total |
|
Back to top |
|
|
kang Guest
|
Posted: Fri May 17, 2002 10:09 am Post subject: |
|
|
klieber wrote: | jay wrote: | you could even securing this by adding the -nolisten tcp option. |
Actually, any reason why that shouldn't be the default option as part of the XFree86 install? (probably a better issue for Gentoo suggestions -- if this turns into a thread of its own, I'll move it there)
--kurt |
because for most non-desktop-mail-web-and-mp3-and-sometimes-divx users it's usefull
in fact it's the whole power of xwindow =)
btw why users on the forum read the "securing gentoo" there is a link on main page of gentoo, instead of asking things that are answered there ??????? (like setuid, etc)
just read it, gentoo howtos are very good compared to others |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Fri May 17, 2002 11:40 am Post subject: |
|
|
kang wrote: | because for most non-desktop-mail-web-and-mp3-and-sometimes-divx users it's usefull
in fact it's the whole power of xwindow =) |
That doesn't answer the question of why it should be turned on by default. It's more secure to leave it off -- those folks that want to have it on can simply flip the bit. Why should it be turned on by default?
kang wrote: | btw why users on the forum read the "securing gentoo" there is a link on main page of gentoo, instead of asking things that are answered there ??????? (like setuid, etc) |
Because, AFAIK, that document was posted in the last few days -- certainly not before April 17th when this thread started.
--kurt
P.S. I'm going to split out the last two posts and create a new thread for them in gentoo suggestions. _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
jay l33t
Joined: 08 May 2002 Posts: 980
|
Posted: Fri May 17, 2002 12:32 pm Post subject: |
|
|
Personally I think it's better to turn it off. Most people won't have a home network, so there is afaik no need for a remote login. And if you have to, ssh would be useful for most tasks. If you leave ports open, because this is easier for people to get along then you'll run sooner or later into the same problems as M$. _________________ Do you want your posessions identified? [ynq] (n) |
|
Back to top |
|
|
dArkMaGE Apprentice
Joined: 20 Apr 2002 Posts: 152
|
Posted: Fri May 17, 2002 5:02 pm Post subject: |
|
|
well i do use the remote caps of xfree, however id agree with turning it off by default cuz in general you dont really need it and it is a security risk. however, if it is turned off make sure to make a big announcement about it otherwise youll have a million posts about how xfree stopped working correctly |
|
Back to top |
|
|
MaRTiaN Tux's lil' helper
Joined: 22 Apr 2002 Posts: 85 Location: London
|
Posted: Fri May 17, 2002 9:44 pm Post subject: |
|
|
Go secure, everything off by default. (Well maybe not port 80, 443 etc.)
Of course noobs will innundate the forums with questions, but if its pointed out clearly in the installation instructions people who actually RTFM will know what to do. Those people that actually need these ports open, should already know how to open them anyway
Of course a new manual might be needed - unsecuring gentoo _________________ Some people are alive only because it's illegal to kill them. |
|
Back to top |
|
|
proxy Apprentice
Joined: 20 Apr 2002 Posts: 260 Location: Chantilly, VA
|
Posted: Fri May 17, 2002 9:55 pm Post subject: |
|
|
i agree, go with security but DOCUMENT this well as most "popular" distros do what is convenient and leave it on.
as long as you do your best to make it well known, i think security is somthing that is a very good strong point woith gentoo..i mean geeze i had no ports open after install except X....redhat will open like 4-5 by default.
proxy |
|
Back to top |
|
|
Jeevz Bodhisattva
Joined: 15 Apr 2002 Posts: 195 Location: Boston, MA
|
Posted: Fri May 17, 2002 10:50 pm Post subject: |
|
|
Agreed, keep it closed by default and document it.
Typically the person using these features of X will know how to open the port anyway. |
|
Back to top |
|
|
|