[sf-lug] /cool.tricks

maestro maestro415 at gmail.com
Thu Mar 17 13:05:50 PDT 2016


quoting maestro:

>>pretty good info and maybe some 'tricks'
>>some don't/didn't know.

woops, i MEANT to put question mark at the end of that,
which changes it and seeks interesting responses to the
documentation. well, i didn't.

should have been:

>>pretty good info and maybe some 'tricks'
>>some don't/didn't know[?]

which it is NOT. and rick moen pointed out why.

any more input on this is appreciated and...

please forgive my lack of punctuation.

message ends.

________________



On Wed, Mar 16, 2016 at 8:54 PM, Rick Moen <rick at linuxmafia.com> wrote:

> Quoting maestro (maestro415 at gmail.com):
>
> > *5.4. Securing access to the X Window System
> > -------------------------------------------*
> >
> > pretty good info and maybe some 'tricks'
> >
> > some don't/didn't know.
>
> On the one hand, it's a good idea for people to know _why_ having
> '-nolisten tcp' be specified on X11 invocations.  Failure to do that was
> how supposed security expert Tsutomu Shimomura got caught napping by
> Kevin Mitnick in 1995.  See:
>
> https://www.eecis.udel.edu/~bmiller/cis459/2007s/readings/mitnick.html
>
> On the other hand:
>
> The raw X11 protocol with free ability of anything on the network to
> open an X11 client connection is a huge security risk.  That's why even
> back in 1995, we all knew to _not do it_.  Shimomura was widely mocked
> for incompetence unbefitting a self-proclaimed security expert.  The
> more so because that risk was so gratuitous, even back then:  As
> everyone knew, you could and should support remote X11 client
> connections over ssh.
>
> And that, the year the above was already old, old news, was _1995_.  The
> reason you don't really have to worry about this any more is that it's
> not 1995 any more.  Nobody leaves X11 open to the network by default.
>
>
> > /cool.tricks
>
> Surely, /usr/local/doc/cool.tricks .
>
> Understanding the rationale behind design of the filesystem hierarchy,
> i.e., the reasons why things go where they do, is a very good idea.  The
> filesystem hierarchy is your friend.  And things should not go into the
> root directory just because you cannot be bothered to think of where
> they belong.
>



-- 

*~the quieter you become, the more you are able to hear...*