<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>X Networking and Security</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="The X Window User HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="X and the Command Line"
HREF="cli.html"><LINK
REL="NEXT"
TITLE="Performance Considerations"
HREF="performance.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The X Window User HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="cli.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="performance.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="xsecurity"
></A
>8. <SPAN
CLASS="application"
>X</SPAN
> Networking and Security</H1
><P
> As mentioned, <SPAN
CLASS="application"
>X</SPAN
> is essentially a networking
protocol with graphical display capabilities. This makes for some
interesting usage possibilities. It also means there are inherent security
considerations, as there are with any networking environment. And if you ever
connect to the Internet, you are in the midst of one very large, hostile
network ;-)
</P
><P
> X clients connect to X servers via various networking protocols, including
TCP/IP, and this holds even for purely local connections. Possible uses are to run an
application on one computer and display it on another, or to log
in to a remote system and have it display on your local screen, with the
client apps using the remote system's CPU and RAM.
</P
><P
> Without any precautions, this can leave you wide open to various types of
mischief and abuse. For instance, anyone logged in to your system can
access your <SPAN
CLASS="QUOTE"
>"display"</SPAN
>, meaning they can see what you are doing
if they want to. Thankfully, most recent Linux releases come with some
default security precautions enabled. But it is best to make sure for
yourself that you are protected.
</P
><P
> Both <SPAN
CLASS="application"
>X</SPAN
> networking and security are nicely covered
in <A
HREF="http://tldp.org/HOWTO/Remote-X-Apps.html"
TARGET="_top"
>The Remote X Apps Mini HOWTO
</A
>,
so we shall not need to try to rehash it here. Recommended reading. See other
references in the <A
HREF="appendix.html#links"
>Links section</A
> of the
Appendix below.
</P
><P
> A few recommended precautions:
</P
><P
> <P
></P
><UL
><LI
><P
> Never, ever run <SPAN
CLASS="application"
>X</SPAN
> as root. The number of bad
things that can happen increases dramatically when logged in as root.
Learn to run as much as possible as a regular user, and su to root only
when needed. This may sound like a lot of extra work (and probably is at
first), but once the <SPAN
CLASS="QUOTE"
>"right"</SPAN
> way of doing things is learned,
it soon becomes second nature.
</P
><P
> A brief anecdote from a friend: he had a client whose new system stopped
<SPAN
CLASS="QUOTE"
>"working"</SPAN
>. Curiously, he found the entire
<TT
CLASS="filename"
>/dev</TT
> directory was missing, which he re-installed and
all was well again. He was back a few days later and found the system
logged in as root to <SPAN
CLASS="application"
>X</SPAN
>, and someone had clicked
on <TT
CLASS="filename"
>/dev</TT
> in the file manager, and dragged it onto the
desktop. Smooth move!
</P
></LI
><LI
><P
> If you ever connect to a network with untrusted users, be sure to have a
firewall between you and them. This goes double for the Internet.
Firewalling is beyond the scope of this document, but is covered in many
other places, including your vendor's website. <A
HREF="http://linuxdoc.org"
TARGET="_top"
>http://linuxdoc.org</A
> has several security
HOWTOs that can help as well. <A
HREF="http://linuxsecurity.com/docs/"
TARGET="_top"
>http://linuxsecurity.com/docs/</A
>
is another good place to look.
</P
></LI
><LI
><P
> You can disable TCP connections with the <SPAN
CLASS="QUOTE"
>"-nolisten tcp"</SPAN
>
command line X server switch. This does not restrict local connections,
though. For <B
CLASS="command"
>xinit/startx</B
>:
</P
><P
> <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>
exec X :0 -dpi 100 -nolisten tcp
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> This goes in <TT
CLASS="filename"
>~/.xserverrc</TT
>. For <B
CLASS="command"
>xdm</B
>,
in <TT
CLASS="filename"
>/usr/lib/X11/xdm/Xservers</TT
>:
</P
><P
> <TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>
:0 local /usr/X11R6/bin/X :0 -nolisten tcp
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
></LI
></UL
>
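One way to make sure for yourself, as the text recommends: an added example, not part of the original HOWTO, that lists X displays reachable over TCP and flags X server start lines lacking -nolisten tcp. The function names, the sample lines and the 6000-6063 port range (display :N on TCP port 6000+N) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit an X setup for TCP exposure.
# Display :N accepts TCP on port 6000+N unless started with "-nolisten tcp".

# Read `ss -ltn` style lines on stdin; print each X display that has a
# listening TCP socket in the conventional X11 range 6000-6063.
x_tcp_listeners() {
    awk '{
        n = split($4, part, ":")      # column 4 is local address:port
        port = part[n] + 0
        if (port >= 6000 && port <= 6063) print ":" (port - 6000)
    }' | sort -u
}

# Read X server start lines on stdin (`ps -eo args` output, ~/.xserverrc,
# or xdm's Xservers file); print those that lack "-nolisten tcp".
# A server built with TCP off by default is also printed here, so treat
# x_tcp_listeners as the authoritative check.
x_servers_missing_nolisten() {
    grep -v '^[[:space:]]*#' |
        grep -E '(^|[ /])(X|Xorg)( |$)' |
        grep -v -e '-nolisten tcp' || true
}

# Constructed sample input, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 [::]:6001 [::]:*'
SAMPLE_CMDS='# constructed start lines in .xserverrc and Xservers style
exec X :0 -dpi 100 -nolisten tcp
:1 local /usr/X11R6/bin/X :1
/usr/sbin/sshd -D'

echo "Displays listening on TCP:"
printf '%s\n' "$SAMPLE_SS" | x_tcp_listeners
echo "Start lines without -nolisten tcp:"
printf '%s\n' "$SAMPLE_CMDS" | x_servers_missing_nolisten

# On a live host (assumes ss from iproute2 and a procps-style ps):
#   ss -ltn | x_tcp_listeners
#   ps -eo args | x_servers_missing_nolisten
#   x_servers_missing_nolisten < ~/.xserverrc
```

An empty result from the first function means no X display is reachable over TCP; as the text notes, local connections are unaffected by the switch.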
</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="cli.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="performance.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>X and the Command Line</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> </TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Performance Considerations</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>