Several questions

Wade Hampton wade.hampton at nsc1.net
Wed Nov 19 20:11:43 UTC 2003


Bill Anderson wrote:

>On Mon, 2003-11-03 at 16:08, Wade Hampton wrote:
>  
>
>>Satish Balay wrote:
>>    
>>
>>>>If GDM was listening for remote connections it would be on port 177, but
>>>>since by default it doesn't do that, this isn't your issue.
>>>>
>>>>Port 6000 is (by default) the port that the first X display will listen
>>>>to for incoming connections.
>>>>        
>>>>
>...
>  
>
>>On RH 8, I added DisallowTCP=true to the gdm.conf file and it worked.
>>I have tried in my gdm.conf file [security] section as described in
>>http://www.jirka.org/gdm-documentation/x227.html
>>
>>When I restart gdm or when I reboot, port 6000 is still open (nmap -sT
>><ip address>).
>>
>>I hope it is fixed in Fedora (of course, I hope the docs also describe
>>how to open it back up for those that don't know this option).
>>    
>>
>
>Wade, please reread the post. GDM is NOT listening on 6000, so your
>changes to gdm.conf will NOT affect that. It is not a bug, you are
>looking at the wrong software.
>  
>
Thanks.  I know that GDM is not the one doing the listening.
GDM starts the X server and when doing so has to pass
"-nolisten tcp" to the X server to tell it not to open port 6000.
On my box at home (runlevel 3), I have a runx script that starts X with
-nolisten tcp added to the command line.  According to the GDM site,
the DisallowTCP option passes this option to the X server so it would
control port 6000 (not port 177, which would be controlled by the XDMCP
options).

See:  http://www.jirka.org/gdm-documentation/x227.html

Snips below:


      Security Options

*[security]*

-snip-

DisallowTCP

DisallowTCP=true

    If true, then always append -nolisten tcp to the command line of
    local X servers, thus disallowing TCP connection. This is useful if
    you do not care for allowing remote connections, since the X
    protocol could really be potentially a security hazard to leave
    open, even though no known security problems exist.

-snip-


      XDMCP Support

*[xdmcp]*

-snip-

Enable

Enable=false

    Setting this to true enables XDMCP support allowing remote
    displays/X terminals to be managed by GDM.

    gdm listens for requests on UDP port 177. See the Port option for
    more information.

>Reread the post from Ben Russo, it contains your answers (despite the
>goof on xhost+, don't do that).
>  
>
Know about xhost+ :). 

Back to the original question.  Is there a simple way to set the box so
that when I log in, X is not listening on port 6000?

Thanks,
--
Wade Hampton
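
Added example, not part of the original message or of GDM: a shell sketch of the three checks this thread turns on, namely what `DisallowTCP` is set to in the `[security]` section, whether the X server command line carries `-nolisten tcp`, and whether anything is in LISTEN state on TCP 6000. The function names are hypothetical, the sample inputs are constructed, and the port check assumes the Linux `/proc/net/tcp` layout.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the DisallowTCP value from the [security] section of a gdm.conf
# read on stdin. Prints nothing if the key is absent or commented out there.
gdm_disallow_tcp() {
    awk -F= '
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t\r]/, "", sect); next }
        sect == "[security]" && $1 ~ /^[ \t]*DisallowTCP[ \t]*$/ {
            v = $2; gsub(/[ \t\r]/, "", v); print v; exit
        }'
}

# Succeed if an X server command line (argument 1) contains "-nolisten tcp".
x_has_nolisten_tcp() {
    case " $1 " in
        *" -nolisten tcp "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if /proc/net/tcp-format text on stdin shows a socket in LISTEN
# state (st column 0A) on the given decimal port. Ports are hex in that file.
tcp_port_listening() {
    hexport=$(printf '%04X' "$1")
    awk -v p="$hexport" '
        NR > 1 { n = split($2, a, ":")
                 if (toupper(a[n]) == p && $4 == "0A") found = 1 }
        END    { exit (found ? 0 : 1) }'
}

# Constructed sample: the config says true, yet 0.0.0.0:6000 (hex 1770)
# is still listening, which is the situation described in the message.
SAMPLE_CONF='[security]
DisallowTCP=true'
SAMPLE_PROC='  sl  local_address rem_address   st
   0: 00000000:1770 00000000:0000 0A'

echo "DisallowTCP in [security]: $(printf '%s\n' "$SAMPLE_CONF" | gdm_disallow_tcp)"
if printf '%s\n' "$SAMPLE_PROC" | tcp_port_listening 6000; then
    echo "TCP 6000 is in LISTEN state"
fi
```

On a live system, feed the first function the gdm.conf actually in use, the second the X server's command line as shown by `ps`, and the third `/proc/net/tcp`.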






