From: Gavin Porter (g.portereris.qinetiq.com)
Date: Thu Oct 23 2003 - 07:27:51 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have just installed Mandrake 9.2 in Paranoid mode and have a few
observations.

Generally, looks great and is even more smooth than 9.1

X is defaulting to accepting TCP connections from anywhere. The default,
particularly for the higher security levels, should be do disable TCP as
a transport protocol to X leaving the more secure local domain sockets.

My current approach for this is by editing /usr/X11R6/bin/startx to set
the defaultserverargs variable to '-nolisten tcp'

Do people think that this should perhaps be the default behaviour for
all users?

If not, I can build this into msec if there is some interest.

Another problem is that X does not work when the secure kernel is
booted. The X server loads but is then killed by the kernel. A syslog
entry suggests this is by PAX, although I don't know what PAX is.

A final observation - if the display manager has been loaded but can't
load X then it tries to troubleshoot. It allows the user to enter the
root password to load XFDrake. Unfortunately, due to the security level
root logins are disabled, so the attenpt fails.

Regards,
Gavin
- --
Gavin Porter
QinetiQ Trusted Information Management,
Woodward B007, St. Andrews Road, Malvern, Worcestershire, WR14 3PS
tel: 01684 894 879

PGP key:
http://search.keyserver.net:11371/pks/lookup?op=get&search=0x7E691D9F
Fingerprint = 64BB 4E4A 5684 73CE 3A17 68D2 30A4 FC17 7E69 1D9F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/l8lHMKT8F35pHZ8RAmX4AJ43+/IsAuGUx/TwsVqMrdXCi5M3SwCfSu98
RYI69vIENlvXr8WDy4OYDGY=
=Qgqj
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]