Firewall Wizards mailing list archives

X server in a Firewall

From: John M <idm.john () yahoo com>
Date: Tue, 24 Jan 2006 14:24:04 -0800 (PST)

Taking in account that a graphical interface is a
requirement, from a risk standpoint, what is the
problem in running a X server (using local IPC, no
external port) in an unix based firewall box to manage
it (using a gtk interface, for exemple)?

Managing it trough a ssh port (or a web interface or
another  port used by a proprietary console) wouldn't
increase the risk? since the ssh daemon (or web
server, etc) could be vulnerable and, even if is only
accepting connections from a specific IP, someone on
internal network could do ARP spoofing or something.

Besides this, the box managing the firewall could have
a key logger installed. (I know, in an ideal
world...).








__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

X server in a Firewall John M (Jan 24)
- Re: X server in a Firewall Paul D. Robertson (Jan 24)
  - Re: X server in a Firewall John M (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Brian Loe (Jan 24)
    - Re: X server in a Firewall Paul D. Robertson (Jan 24)
    - Re: X server in a Firewall Chuck Swiger (Jan 24)
    - Re: X server in a Firewall Marcus J. Ranum (Jan 24)
    - Re: X server in a Firewall Cat Okita (Jan 24)
    - Re: X server in a Firewall John M (Jan 24)
    - Re: X server in a Firewall Marcus J. Ranum (Jan 24)

(Thread continues...)