Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [discuss] Observations on 9.2
From: Michael Scherer (scherer.michaelfree.fr)
Date: Thu Oct 23 2003 - 08:42:43 CDT
On Thursday 23 October 2003 14:27, Gavin Porter wrote:
> I have just installed Mandrake 9.2 in Paranoid mode and have a few
> Generally, looks great and is even more smooth than 9.1
> X is defaulting to accepting TCP connections from anywhere. The
> default, particularly for the higher security levels, should be do
> disable TCP as a transport protocol to X leaving the more secure
> local domain sockets.
> My current approach for this is by editing /usr/X11R6/bin/startx to
> set the defaultserverargs variable to '-nolisten tcp'
> Do people think that this should perhaps be the default behaviour for
> all users?
> If not, I can build this into msec if there is some interest.
> Another problem is that X does not work when the secure kernel is
> booted. The X server loads but is then killed by the kernel. A syslog
> entry suggests this is by PAX, although I don't know what PAX is.
yes, this is in the FAQ of grsecurity patch.
X use some syscall denied by the patch