Gentoo Forums
Networking & Security
Port 6000: open

febs
n00b
Joined: 18 Jan 2004
Posts: 43

Posted: Tue Oct 26, 2004 11:57 am    Post subject: Port 6000: open

One of the things I love about Gentoo is its behaviour of NOT opening any port/service, unless it's explicitly instructed to do so.
So, I was quite surprised to find, in a new installation with X.org 6.8, the port 6000 open to the world.
I consider this behaviour a bug. If you agree and there is not a bugzilla issue about this, I will file one.

Thanx for reading me.

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Tue Oct 26, 2004 12:00 pm    Post subject: Re: Port 6000: open

febs wrote:
One of the things I love about Gentoo is its behaviour of NOT opening any port/service, unless it's explicitly instructed to do so.

That is not a feature of any kind, and simply not true in so many situations.
That you perceive it as a certain behaviour does not make it so.
In this case, it isn't so.

febs wrote:
So, I was quite surprised to find, in a new installation with X.org 6.8, the port 6000 open to the world.

Not open to the world - open, period.
Without it, not even the local X server can connect to clients.

febs wrote:
I consider this behaviour a bug. If you agree and there is not a bugzilla issue about this, I will file one.

You have little idea what you're talking about.

But by all means file a "bug" if you want to look silly.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

febs
n00b
Joined: 18 Jan 2004
Posts: 43

Posted: Tue Oct 26, 2004 12:24 pm

Self reply.
It's a bug of Entrance, and it's already filed.
https://bugs.gentoo.org/show_bug.cgi?id=65903
I hope this micro-thread can warn someone of the danger anyhow.
Ciao :)

febs
n00b
Joined: 18 Jan 2004
Posts: 43

Posted: Tue Oct 26, 2004 12:29 pm    Post subject: Re: Port 6000: open

Quote:

You have little idea what you're talking about.

You are just wrong.
How do you interpret this?
Code:

netstat -lpt
tcp        0      0 *:6000                  *:*                     LISTEN      6765/X

Learn to use netstat, and to be more gentle.

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Tue Oct 26, 2004 12:43 pm    Post subject: Re: Port 6000: open

febs wrote:
How do you interpret this?
Code:

netstat -lpt
tcp        0      0 *:6000                  *:*                     LISTEN      6765/X


As a listening X server.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

febs
n00b
Joined: 18 Jan 2004
Posts: 43

Posted: Tue Oct 26, 2004 1:05 pm

On a TCP socket, not on a UNIX one. Read the first field of the output (and the command line options: "t" means "tcp").

revertex
l33t
Joined: 23 Apr 2003
Posts: 806

Posted: Thu Nov 04, 2004 9:58 pm

same here, using xdm everything is ok, but with entrance port 6000 is listening.
why is it so hard to find docs about entrance?

adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Thu Nov 04, 2004 11:22 pm

Seeing as you come from Debian, here's one you should like:
If the Entrance docs are so hard to find, why use it ?
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

r1k0d3r
n00b
Joined: 19 Oct 2004
Posts: 33
Location: on a radiowave

Posted: Fri Nov 05, 2004 12:09 am

hi,

i am surprised to read such remarks,

Quote:
One of the things I love about Gentoo is its behaviour of NOT opening any port/service, unless it's explicitly instructed to do so.
So, I was quite surprised to find, in a new installation with X.org 6.8, the port 6000 open to the world.
I consider this behaviour a bug. If you agree and there is not a bugzilla issue about this, I will file one.


please beware of such posting.

first i would like to say that it ain't no bug at all, and that maybe you guys should ask google a bit longer before always supposing there is a bug.

i don't remember which version of Xorg it began with, but all previous versions have port 6000 opened. Why? because it's X remote forwarding, as X listens for a tcp connection. Go ask the slackware community for example, which has a precompiled version of Xorg 6.7: they all have port 6000 opened, you just have to be aware of it and configure it.

Yes it is dangerous but it AIN'T a bug at all..

if you have compiled your X with some specific flags (i don't remember, is it tcp, ethernet or network?) then port 6000 will open when u start X

if you have done so and don't wanna recompile the source, then when you startx type:

$ startx -- -nolisten tcp

this command will pass the nolisten tcp option to the X server, which will disable the listening on port 6000..

test it with nmap or netstat, you will see the port closed

so here buddy, don't go send useless bug forms to the maintainers, they'll rip you off

just READ READ READ READ and GOOGLE GOOGLE GOOGLE
bless
_________________
Last night, i&i dreamt i ate a giant marshmallow, and this morning when i wuk up, my pillow had disappeared...wtf ?!?!

revertex
l33t
Joined: 23 Apr 2003
Posts: 806

Posted: Fri Nov 05, 2004 12:42 am

adaptr wrote:
Seeing as you come from Debian, here's one you should like:
If the Entrance docs are so hard to find, why use it ?

lol, just discovered debian long time after gentoo, why use entrance?
entrance is faster than qingy in my machine, looks far better than others (IMHO) and have a very few dependencies compared with gdm and kdm, and i don't like wdm.

r1k0d3r wrote:
hi,

when you startx type:

$ startx -- -nolisten tcp

this command will pass to the X server the nolisten tcp option will disable the listening on the port 6000..



r1k0d3r, i don't use startx anymore, there is no proposal to use a login manager and start xsession from cli, my question is where i can find some documentation about how to parse some commands like "-nolisten tcp", "-dpi 100", "-br" to entrance?
it seems not implemented, but i can't find anything about it.
the most useful that i have found is this.
http://www.atmos.org/docs/entrance/index.html#intro

r1k0d3r
n00b
Joined: 19 Oct 2004
Posts: 33
Location: on a radiowave

Posted: Fri Nov 05, 2004 12:55 am

ok

My post was strictly a response to febs, the first post which no one seemed to have answered directly..

now
Quote:
r1k0d3r, i don't use startx anymore, there is no proposal to use a login manager and start xsession from cli, my question is where i can find some documentation about how to parse some commands like "-nolisten tcp", "-dpi 100", "-br" to entrance?
it seems not implemented, but i can't find anything about it.
the most useful that i have found is this.


concerning your matter, i don't have exactly your answer but maybe a clue..

i've just looked at Entrance, and for my part i am using
rox-session
for my xsession manager knowing that i run fluxbox xfce and wm
there is a new tool too for fluxbox i think its fluxspace, have a look but for me rox-session is just great ...

hope it'll help
bless
_________________
Last night, i&i dreamt i ate a giant marshmallow, and this morning when i wuk up, my pillow had disappeared...wtf ?!?!

vrln
Guru
Joined: 11 Sep 2004
Posts: 534
Location: Finland

Posted: Sun Nov 28, 2004 9:27 am

It's not entrance with port 6000 open, it's X. For some reason entrance starts X without --nolisten-tcp.

revertex
l33t
Joined: 23 Apr 2003
Posts: 806

Posted: Mon Dec 06, 2004 9:02 pm

vrln wrote:
It's not entrance with port 6000 open, it's X. For some reason entrance starts X without --nolisten-tcp.


Good answer, vrln, my only question is where in hell are the docs that explain how to make entrance not listen tcp.
entrance is like a flying saucer, it can cross the galaxy if i know how to start the engine. 8O

vrln
Guru
Joined: 11 Sep 2004
Posts: 534
Location: Finland

Posted: Tue Dec 07, 2004 11:37 am

revertex wrote:
vrln wrote:
It's not entrance with port 6000 open, it's X. For some reason entrance starts X without --nolisten-tcp.


Good answer, vrln, my only question is where in hell are the docs that explain how to make entrance not listen tcp.
entrance is like a flying saucer, it can cross the galaxy if i know how to start the engine. 8O


I've been thinking about this quite a lot... haven't figured out anything yet. :/

MickKi
Veteran
Joined: 08 Feb 2004
Posts: 1173

Posted: Thu Dec 16, 2004 2:32 pm

Brand new installation, just vanilla X (no fancy display or environment manager yet installed) gives the same open port when xdm is added to rc-update default runlevel.

However, if xdm is removed from default rc and X is started from the console using startx, the "-nolisten tcp" is now present and port 6000 is closed.

I am thinking aloud (but can't try it from work):
Check that
Code:
:0 local /usr/X11R6/bin/X -nolisten tcp
is present in /etc/X11/xdm/Xservers.
Also check that
Code:
serverargs="-nolisten tcp"
is present in /usr/X11R6/bin/startx
and perhaps (?)
Code:
:0 local@tty1 /usr/X11R6/bin/X -dpi 96 vt7 -nolisten tcp
in your /usr/share/config/kdm/Xservers if you're running kdm and your dpi is 96 (but that can be omitted). I would also check the file /opt/kde/share/config/kdm/Xservers for the same entry. Finally for gdm lovers:
Code:
[servers]
0=/usr/X11R6/bin/X -nolisten tcp
should be present in /etc/X11/gdm/gdm.conf. The above can be followed a step at a time and check to see if port 6000 is closed. If all of the above has been tried and 6000 is still open then I've run out of ideas . . . :?

I've also noticed with my xdm vanilla session that there is another port opened by xsm - somewhere around the 33XX range if I remember correctly, when xdm is added to the rc default level.
_________________
Regards,
Mick
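
The file-by-file check described in the post above can be scripted. This is an added example, not code from the thread or from any of the projects it mentions: it flags xdm/kdm `Xservers` entries and gdm `[servers]` entries that launch an X server without `-nolisten tcp`. The function names and the sample text are constructed for illustration, and the startx `serverargs` line is not covered.

```shell
#!/bin/sh
# Added example: flag display-manager entries that start a local X server
# without "-nolisten tcp". Not code from the thread.

# stdin: config text; stdout: "LINENO: entry" for each offending entry.
find_tcp_listening_entries() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        {
            launches_x = 0; nolisten = 0
            n = split($0, tok, /[ \t=]+/)      # "=" splits gdm "0=/path/X"
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /\/(X|Xorg)$/) launches_x = 1
                if (tok[i] == "-nolisten" && tok[i + 1] == "tcp") nolisten = 1
            }
            if (launches_x && !nolisten) printf "%d: %s\n", NR, $0
        }'
}

# Audit whichever of the given files exist; returns 1 if any entry is flagged.
audit_files() {
    status=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        hits=$(find_tcp_listening_entries < "$f")
        [ -n "$hits" ] || continue
        printf '%s\n' "$hits" | awk -v f="$f" '{ print f ":" $0 }'
        status=1
    done
    return "$status"
}

# Constructed sample mixing the xdm, kdm and gdm entry styles from the post.
SAMPLE='# constructed sample, not a real config file
:0 local /usr/X11R6/bin/X -nolisten tcp
:0 local@tty1 /usr/X11R6/bin/X -dpi 96 vt7
0=/usr/X11R6/bin/X
:1 local /usr/X11R6/bin/X vt8 -nolisten tcp'

printf '%s\n' "$SAMPLE" | find_tcp_listening_entries

# Paths are the ones named in the post; missing files are skipped.
audit_files /etc/X11/xdm/Xservers /usr/share/config/kdm/Xservers \
    /opt/kde/share/config/kdm/Xservers /etc/X11/gdm/gdm.conf || true
```

A clean config file only shows what the display manager is told to run; the listening socket still has to be checked after X is restarted.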

MickKi
Veteran
Joined: 08 Feb 2004
Posts: 1173

Posted: Thu Dec 16, 2004 7:30 pm

OK the above was a bit of an overkill! :lol:

Actually, all I needed to change was the first entry in /etc/X11/xdm/Xservers and port 6000 was thereafter found closed no matter how X was launched. It may have been a different story if I had emerged KDE, Gnome, etc. Will check again in the future when I am done installing applications on this box.

Anyway, launching xdm through rc-update I get this funny port opened:
Code:
# netstat -tanv
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN
and this is caused by xsm:
Code:
# fuser -v -n tcp 32768
here: 32768

                     USER        PID ACCESS COMMAND
32768/tcp            michael    9274 f....  xsm
                     michael    9291 f....  twm
                     michael    9293 f....  smproxy
                     michael    9295 f....  xterm
                     michael    9297 f....  bash
                     michael    9369 f....  xterm
                     michael    9371 f....  bash
                     michael    9374 f....  opera
                     root       9385 f....  su
                     root       9388 f....  bash
                     root       9436 f....  dhcpcd
                     michael    9450 f....  xterm
                     michael    9452 f....  bash
                     root       9455 f....  su
                     root       9458 f....  bash
                     root       9462 f....  fuser
Does anyone know whether this is a vulnerability and how I could close it?
_________________
Regards,
Mick

revertex
l33t
Joined: 23 Apr 2003
Posts: 806

Posted: Tue Dec 28, 2004 1:57 pm

Einfo from xorg-x11-6.8.0-r4.ebuild, maybe this should be helpful
Code:
 * Listening on TCP is disabled by default with startx.
 * To enable it, edit /usr/X11R6/bin/startx.

MickKi
Veteran
Joined: 08 Feb 2004
Posts: 1173

Posted: Tue Dec 28, 2004 4:41 pm

Yes, as per my second suggestion further above.
_________________
Regards,
Mick

MickKi
Veteran
Joined: 08 Feb 2004
Posts: 1173

Posted: Tue Feb 15, 2005 9:55 pm

Looking at this issue again, I ended up confusing myself! :lol:

When I start X by running "startx", port 6000 does not open as discussed above. However, when I start X by typing "xinit" then X is listening on port 6000. Same happens even when I run "xinit -nolisten tcp":
Code:
root      3622  0.0  0.3   2188  1232 ?        Ss   21:15   0:00 login -- michael     
michael   3671  0.0  0.4   2344  1304 tty1     Ss   21:16   0:00  \_ -bash
michael   4229  0.0  0.1   2176   636 tty1     S+   21:43   0:00      \_ xinit -nolisten tcp
root      4230  4.4  8.0  27356 25624 ?        S    21:43   0:18          \_ X :0
michael   4248  0.0  0.2   2132   924 tty1     S    21:43   0:00          \_ sh /etc/X11/xinit/xinitrc -nolisten tcp
michael   4277  0.4  1.5   8504  4832 tty1     S    21:43   0:01              \_ /usr/bin/fluxbox

but port 6000 is open:
Code:
$ netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN


Any ideas why this is happening? (I mean why X is listening on port 6000 when launched using "xinit", but not when it is launched with "startx").
_________________
Regards,
Mick
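
In the process listing quoted in the post above, `-nolisten tcp` appears on the `xinit` and `xinitrc` command lines but not on `X :0`: xinit hands arguments placed before a `--` separator to the client program, not to the server. As an added example (not part of the thread), this script checks the server's own argv and the listening sockets. The function names, the constructed sample input and the 6000-6063 port range are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: check the running X server itself
# instead of trusting the command line that launched it.

# stdin: "PID COMMAND ARGS..." lines (for example from: ps -eo pid=,args=)
# stdout: lines for X servers whose own argv lacks "-nolisten tcp"
x_servers_without_nolisten() {
    awk '{
        n = split($2, path, "/"); name = path[n]
        if (name != "X" && name != "Xorg") next
        for (i = 3; i < NF; i++)
            if ($i == "-nolisten" && $(i + 1) == "tcp") next
        print
    }'
}

# stdin: "netstat -ltn" style lines
# stdout: local addresses listening on X11 display ports (6000 + display).
# The upper bound 6063 is an assumption, not something stated in the thread.
x_tcp_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n] + 0
        if (port >= 6000 && port <= 6063) print $4
    }'
}

# Constructed samples modelled on the output quoted in the thread, plus one
# hypothetical server (PID 5001) that was started with the flag.
PS_SAMPLE='3671 -bash
4229 xinit -nolisten tcp
4230 X :0
4248 sh /etc/X11/xinit/xinitrc -nolisten tcp
5001 /usr/X11R6/bin/X :1 -nolisten tcp vt8'

NETSTAT_SAMPLE='tcp   0   0 0.0.0.0:6000    0.0.0.0:*   LISTEN
tcp   0   0 0.0.0.0:32768   0.0.0.0:*   LISTEN'

printf '%s\n' "$PS_SAMPLE" | x_servers_without_nolisten
printf '%s\n' "$NETSTAT_SAMPLE" | x_tcp_listeners
```

On a live system, feed the functions from `ps -eo pid=,args=` and `netstat -ltn`; an empty result from both means no X server is accepting TCP connections.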

All times are GMT