[PLUG] configuring a server without X

Wil Cooley wcooley at nakedape.cc
Mon Mar 25 06:59:58 UTC 2002


Also Sprach Stuart Mathews <smathews at pcez.com> on Sun, Mar 24, 2002 at 09:21:57PM PST

> It seems I read once that having X on a system opens up all kinds of
> security problems.  Any chance that's right?

It depends on what you mean by "having X on a system".  There's
nothing really insecure about having the X binaries and whatnot
installed; the only thing SUID root is Xwrapper, and that's small
and well-audited.  Having an X server/XFS font server, etc. up
and running is another matter.  The whole of X is far too big
of a thing to be audited; it's likely rife with buffer overflows
and protocol errors that who-knows-what could go wrong with it.
But that's just the X servers--since X is a client/server system,
you can run the clients on your (non-X) server and have them display
remotely on a management workstation or laptop with little or no
danger to the server.  That is, if you aren't sending passwords
back and forth (like running an xterm and su'ing to root) and you
aren't using some form of encryption like IPSec or an SSH tunnel.

So in short, it's both right and wrong ;)

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
irc.linux.com                             #orlug,#pdxlug,#lnxs