Bugtraq mailing list archives

Re: XDM Insecurity revisited

From: jbuhler () SPEAKEASY ORG (Jeremy Buhler)
Date: Sat, 21 Aug 1999 07:37:43 -0000

On the Red Hat side, for a standard Red Hat 6 using gdm 
not xdm, edit /etc/X11/gdm.conf and set it to
[xdcmp]
Enable=0


Regular xdm has an equivalent switch, though it's not
documented anywhere but in the source code.  Add the
following resource to your xdm-config file (usually found
in the X11R6 tree in lib/X11/xdm):

! SECURITY: do not listen for XDMCP or Chooser requests
DisplayManager.requestPort:     0

Or, start xdm with the flag '-udpPort 0' .

Current thread:

XDM Insecurity revisited Jochen Bauer (Aug 18)
- Re: XDM Insecurity revisited Martin Schulze (Aug 19)
- Re: XDM Insecurity revisited Thomas Leitner (Aug 19)
- Re: XDM Insecurity revisited Alan Cox (Aug 19)
  - Re: XDM Insecurity revisited Jeremy Buhler (Aug 21)
- Re: XDM Insecurity revisited Dave Plonka (Aug 19)
  - Re: XDM Insecurity revisited Michael Herrmann (Aug 23)
- Announcement [new mailing list] route () RESENTMENT INFONEXUS COM (Aug 19)
- <Possible follow-ups>
- Re: XDM Insecurity revisited Martin K. Petersen (Aug 19)