nolisten tcp for all displays

When I start a new X display using the “switch user” menu entry, it starts without the “-nolisten tcp” option and listens on port 6001 on all interfaces.

ps ax | grep Xorg

says:


7121 tty7     Ss+    0:39 /usr/bin/Xorg -br :0 vt7 -nolisten tcp -auth /var/lib/xdm/authdir/authfiles/A:0-KVXppa
8156 tty8     Ss+    0:03 /usr/bin/Xorg -br :1 vt8 -auth /var/lib/xdm/authdir/authfiles/A:1-IAHXha

How do I add “-nolisten tcp” to displays other than :0?
OS is OpenSUSE 12.1.

At first I couldn’t believe it. But you are correct: Xorg is listening on port 6001. I consider this to be a severe security risk. Do you agree?
And this is on 12.2.

It then would be worth reporting at Bugzilla.

Yes, that was the reason I asked here.
I found the /etc/X11/xinit/xserverrc file containing lines:


test "$DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" != "yes" && \
  args="$args -nolisten tcp"

I commented them out and added args="$args -nolisten tcp" without any condition.
It didn’t help, because it only affects :0 display.

Maybe somebody knows where to find a file like this that affects all displays?

The problem is that it is difficult to search for a file where DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN is not used and that nevertheless is applicable.

The variable args is used in xserverrc in a call to X. But that is also not a nice string to search for anywhere in the lot of X11 files :(

X server is normally started by display manager, so the question cannot be answered without knowing which display manager is used. I use GDM under 12.2 and all X servers are started with nolisten:

bor@opensuse:~> ps -efwww | grep X
root      1007  1002  0 дек.21 tty7 00:10:35 /usr/bin/Xorg :0 -background none -logverbose 7 -auth /var/run/gdm/auth-for-gdm-CkvkL3/database -nolisten tcp vt7
root     10074 10070  4 10:54 tty8     00:00:03 /usr/bin/Xorg :1 -br -verbose -auth /var/run/gdm/auth-for-gdm-E6zZYT/database -nolisten tcp vt8
root     10455 10449 13 10:55 tty9     00:00:03 /usr/bin/Xorg :2 -br -verbose -auth /var/run/gdm/auth-for-gdm-2tjSVz/database -nolisten tcp vt9

Using KDE and thus (well, I did not change it to something else) using KDM

That would narrow down the bug to KDM. Would it be better to report it in openSUSE Bugzilla or to go directly to KDE?

I use KDE with KDM too.
I already posted a bug report with a link to this thread to the openSUSE Bugzilla: https://bugzilla.novell.com/show_bug.cgi?id=795791

On 2012-12-23 10:36, hcvv wrote:
>
> Using KDE and thus (well, I did not change it to something else) using
> KDM
>
> That would narrow down the bug to KDM. Would it be better to report it
> in openSUSE Bugzilla or to go directly to KDE?

oS bugzilla always, unless proved otherwise.


Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 “Celadon” (Minas Tirith))

The bug description looks very good to me. Thanks for filing this.
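
The check done by eye on the ps listings in this thread can be scripted. The following is an added example, not part of any post above: it reads ps output and reports each X server whose command line lacks "-nolisten tcp", together with the TCP port (6000 + display number) it would open. The function names, the constructed sample lines and their auth paths are assumptions, as is the premise that the server listens on TCP unless told otherwise, as on the systems discussed here.

```shell
#!/bin/sh
# Added example: flag X servers started without "-nolisten tcp".

# Reads ps output on stdin, prints "DISPLAY PORT" per exposed server.
xorg_tcp_exposed() {
    awk '
    {
        # Find the X server binary; requiring a path component keeps
        # lines such as "grep Xorg" from matching.
        start = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /\/(Xorg|X)$/) { start = i; break }
        if (!start) next

        display = ":0"      # X uses :0 when no display is given
        nolisten = 0
        for (i = start + 1; i <= NF; i++) {
            if ($i ~ /^:[0-9]+$/) display = $i
            if ($i == "-nolisten" && $(i + 1) == "tcp") nolisten = 1
        }
        # Display :N maps to TCP port 6000 + N.
        if (!nolisten)
            print display, 6000 + substr(display, 2)
    }'
}

# Constructed sample input modelled on the listings in the thread
# (auth file paths are placeholders).
sample_ps() {
    cat <<'EOF'
 7121 tty7  Ss+  0:39 /usr/bin/Xorg -br :0 vt7 -nolisten tcp -auth /tmp/example-auth-0
 8156 tty8  Ss+  0:03 /usr/bin/Xorg -br :1 vt8 -auth /tmp/example-auth-1
 9001 pts/0 S+   0:00 grep Xorg
EOF
}

# Demo on the sample; on a live system use: ps ax | xorg_tcp_exposed
sample_ps | xorg_tcp_exposed
```

The script only inspects command lines, so confirm any hit against the socket table (for example with ss -ltn) before treating it as an open port.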