Hello
On Thu, May 04, 2006 at 07:38:49PM -0700, Mike McDonald wrote:
Of course, it would be nice to not require the X server to run without "--nolisten tcp" but this patch breaks the whole CLX (not only for mcclim) on my system.
No, it'd be really nice if psuedo security weenies wouldn't break the standard X configuration!! (Can you tell I have an opinion on this subject?)
Yes, of course. On every machine I use I have configured (or let configure) X to listen on TCP connection, as I do not only need it for mcclim but in general. It really gets on my nerves that I have to give reasons for the change to each administrator again. Unfortunately, and stupidily, the default for most distributions seems to be "--nolisten tcp" these days. That's the reason why I've said not to require it would be nice; that doesn't mean that I like the decision to use this as the default setting (in the name of an alleged higher security).
(If they are so desperate to want to disable "remote X access"[1] they should bind X to localhost / the loopback device but not disable listening for TCP connections in general.)
Bye, Max
1) See for example: http://www.debianhelp.co.uk/security.htm http://www.us.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.e...