[11484] in bugtraq
Re: XDM Insecurity revisited
daemon@ATHENA.MIT.EDU (Jeremy Buhler)
Sun Aug 22 18:38:13 1999
Message-Id: <19990821073743.12701.qmail@securityfocus.com>
Date: Sat, 21 Aug 1999 07:37:43 -0000
Reply-To: Jeremy Buhler <jbuhler@SPEAKEASY.ORG>
From: Jeremy Buhler <jbuhler@SPEAKEASY.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <E11HSMz-0006kS-00@the-village.bc.nu>
> On the Red Hat side, for a standard Red Hat 6 using gdm
> not xdm, edit /etc/X11/gdm.conf and set it to
> [xdcmp]
> Enable=0
Regular xdm has an equivalent switch, though it's not
documented anywhere but in the source code. Add the
following resource to your xdm-config file (usually found
in the X11R6 tree in lib/X11/xdm):
! SECURITY: do not listen for XDMCP or Chooser requests
DisplayManager.requestPort: 0
Or, start xdm with the flag '-udpPort 0' .
