[sf-lug] /cool.tricks

Rick Moen rick at linuxmafia.com
Wed Mar 16 20:54:41 PDT 2016


Quoting maestro (maestro415 at gmail.com):

> *5.4. Securing access to the X Window System
> -------------------------------------------*
> 
> pretty good info and maybe some 'tricks'
> 
> some don't/didn't know.

On the one hand, it's a good idea for people to know _why_ to have
'-nolisten tcp' specified on X11 invocations.  Failure to do that was
how supposed security expert Tsutomu Shimomura got caught napping by
Kevin Mitnick in 1995.  See:

https://www.eecis.udel.edu/~bmiller/cis459/2007s/readings/mitnick.html

On the other hand:

The raw X11 protocol with free ability of anything on the network to
open an X11 client connection is a huge security risk.  That's why even
back in 1995, we all knew to _not do it_.  Shimomura was widely mocked
for incompetence unbefitting a self-proclaimed security expert.  The
more so because that risk was so gratuitous, even back then:  As
everyone knew, you could and should support remote X11 client
connections over ssh.

And that, the year the above was already old, old news, was _1995_.  The
reason you don't really have to worry about this any more is that it's
not 1995 any more.  Nobody leaves X11 open to the network by default.


> /cool.tricks

Surely, /usr/local/doc/cool.tricks .

Understanding the rationale behind design of the filesystem hierarchy,
i.e., the reasons why things go where they do, is a very good idea.  The
filesystem hierarchy is your friend.  And things should not go into the
root directory just because you cannot be bothered to think of where
they belong.
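
An added example, not part of the original post: a shell check for the exposure discussed above, an X server accepting TCP connections from the network rather than only over ssh forwarding. It reads lines in the format of `ss -ltnH`; the function names, the port range 6000-6063 (displays :0 to :63) and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag X11 display sockets reachable from the network.
# X display :N listens on TCP port 6000+N when TCP listening is enabled.
# Input format: `ss -ltnH` (State Recv-Q Send-Q Local-Address:Port Peer).

x11_exposed() {
    awk '
    {
        addr = $4                          # local address:port column
        n = split(addr, parts, ":")
        port = parts[n] + 0
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        # Assumed display range :0 to :63
        if (port < 6000 || port > 6063) next
        # Loopback listeners (such as sshd X11 forwarding proxies)
        # are not reachable from other hosts, so skip them.
        if (host ~ /^127\./ || host == "[::1]") next
        printf "display :%d exposed on %s\n", port - 6000, addr
    }'
}

# Constructed sample input, not captured from a real host.
constructed_sample() {
    cat <<EOF
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 [::]:6001 [::]:*
LISTEN 0 128 [::1]:6010 [::]:*
EOF
}

# Run against the live host with: sh thisfile --live
if [ "${1:-}" = "--live" ]; then
    ss -ltnH | x11_exposed
fi
```

On the sample, only the wildcard listeners on 6000 and 6001 are reported; the loopback sockets on 6010 are the kind ssh X11 forwarding creates and are left alone.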



