Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 25 Oct 2002 11:57:59 -0500 (CDT)
From:      "Brandon D. Valentine" <bandix@geekpunk.net>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        Matthew Seaman <m.seaman@infracaninophile.co.uk>, FreeBSD Hackers List <freebsd-hackers@FreeBSD.org>
Subject:   Re: X11 display problem
Message-ID:  <20021025114346.P277-100000@taran.dhcp.mc.vanderbilt.edu>
In-Reply-To: <XFMail.20021025104252.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 25 Oct 2002, John Baldwin wrote:

> Would be nice if there could be a 'WITH_TCP' or some such option for
> the port to enable normal behavior for those people who aren't super
> paranoid.  Having an uber-secure box doesn't do you any good if you
> can't use it to get actual work done.

Word.

I'm not near my FreeBSD machines at this moment but this weekend I'll
hack up the necessary patch if nobody else bothers.  Probably better to
call it something less ambigious like X11_LISTEN_TCP or similar so those
who want to put it in make.conf don't incur namespace ambiguity and
possible collision with other ports that might use similar make
variables with different semantic meaning.  WITH_TCP doesn't have the
same sort of global meaning that WITH_GNOME does.

The other option is to do away with the insecurity of listen_tcp by
teaching OpenSSH how to setup X11 forwarding using unix domain sockets.
See this message for details:

http://lists.debian.org/debian-user/2000/debian-user-200002/msg00109.html

This is probably the most worthwhile and secure avenue.  To be perfectly
honest I'm wondering why I still have yet to notice support for it in
OpenSSH.

Brandon D. Valentine
-- 
http://www.geekpunk.net                         bandix@geekpunk.net
++[>++++++<-]>[<++++++>-]<.>++++[>+++++<-]>[<+++++>-]<+.+++++++..++
+.>>+++++[<++++++>-]<++.<<+++++++++++++++.>.+++.------.--------.>+.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021025114346.P277-100000>