Do consider blocking port 6000 on the next installer (Was: Re: setenv in X11)
Do consider blocking port 6000 on the next installer (Was: Re: setenv in X11)
- Subject: Do consider blocking port 6000 on the next installer (Was: Re: setenv in X11)
- From: Rui Carmo <email@hidden>
- Date: Sat, 1 Feb 2003 21:09:08 +0000
Which reminds me (to the Apple people on this list) that adding a
firewall setting (on Preferences|Sharing|Firewall) to block port 6000
might be of some interest.
This could be done by the installer itself, and is a _must_ if X
insists on binding to *.6000:
$ netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address
(state)
tcp4 0 0 *.6000 *.*
LISTEN
By the way, is there a way to force it to bind to localhost
(127.0.0.1)? I've only used X11.app on firewalled systems, but I guess
people running it on the open Internet are asking for trouble. xhost +
or no xhost, running port 6000 on the open Internet is asking for a
rehash of the Sun vulnerabilities of yore... :)
R.
http://mac.against.org
On Sabado, Fev 1, 2003, at 14:35 Europe/Lisbon, Fernando Pereira wrote:
On Friday, January 31, 2003, at 03:01 PM, Nadia Parkar wrote:
I recently installed Apple's X11 on my MacOS10.2.3 machine. I am
trying to figure out how I can remotely log in to another machine and
run applications as if I were sitting on that machine itself. In
XDarwin I used to use the following approach:
-I would type 'xhost +'
-Then login remotely to the machine.After this I would type "setenv
DISPLAY 'my_ip_address':0.0" and everything used to work fine. But
now
I get the error: "Error:Can't open display 'my_ip_address:0.0'".
Do I need to do something specific to have this capability?
Thankyou everyone for your responses. It turns out the problem was my
firewall settings, everything seems to be working fine now. So I have
turned my firewall On but have allowed specific ports for X11 to be
open. Thankyou, Andreas Yankopolus, for this hint.
This is a rather insecure way to operate. It's much better to use ssh
X11 forwarding. From a local xterm, incant
ssh -X your-login@your-remote-host
That opens an interactive shell in your remote host with DISPLAY set
appropriately. You can start your favorite X11 apps from that shell.
Then you don't need open up your firewall to insecure X11 traffic, it
is all tunneled via much more secure ssh. X11 was designed for local
area networks in much more innocent days, way before firewalls became
a must.
-- F
_______________________________________________
x11-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/x11-users
X11 for Mac OS X FAQ: http://developer.apple.com/qa/qa2001/qa1232.html
Report issues, request features, feedback:
http://developer.apple.com/bugreporter
Do not post admin requests to the list. They will be ignored.
_______________________________________________
x11-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/x11-users
X11 for Mac OS X FAQ: http://developer.apple.com/qa/qa2001/qa1232.html
Report issues, request features, feedback: http://developer.apple.com/bugreporter
Do not post admin requests to the list. They will be ignored.