Recently I found out that the Gentoo ebuild of X disables X listening on port 6000. This is nonstandard, evil, wrong, and everything else nasty. BUT I can see why it would be nice for Joe User who doesn't know what networked X is. The system should NOT hold power users hands, and should not protect them from themselves. When I install Gentoo for Aunt Tillie down the street, who has a dial up connection and doesn't know what network abstraction is, let alone why should want it, I would want the X TCP port closed. On any of my machines, which are firewalled off from the internet and/or have their own firewalls allowing necessary traffic (in corporate situations where perimiter security is simply not enough), I WANT X ACTING LIKE X. I'm sure this will come up with other packages, where protecting the User from themselves seems like a good idea but will piss off a small (but vocal) minority of power users and system administrators. Hence my preposed solution would be a USE flag along the lines of "holdmyhand" which is enabled by default. Comments welcome.
i'd disagree with this ... imho a majority of users will never use the tcp listening aspect of X ... it also has had a history of exploits ... if you want listening for X, then edit the config files in /etc/X11, end of story
I don't see the point of this bug -- power users know enough to edit the config file.
This is non-standard behavior modifying the functionality of a major application. I don't see how thats NOT a bug.
would you prefer we have xfree display behaviour that is decidedly and inherently insecure?
default doesnt mean best ;)
Surely a "power user" like yourself would prefer the added security of ssh -X. And it isnt hard to realize that it is far easier to tailor the defaults to the average user and leave the more experienced to tweak to suit their own tastes.
