xpra icon
Bug tracker and wiki

Opened 7 years ago

Closed 7 years ago

#106 closed defect (fixed)

Xvfb binds to a TCP port by default

Reported by: bugmenot Owned by: Antoine Martin
Priority: minor Milestone: 0.2
Component: server Version: 0.1.0
Keywords: xvfb server security default Cc:

Description (last modified by Antoine Martin)

Xvfb binds to a TCP port on 0.0.0.0, which is not optimal from a security/sysadmin point of view.
It's easily fixable using --xvfb, but it would be awesome to have "-nolisten tcp" added to the default arguments to Xvfb.

Thanks!

Change History (1)

comment:1 Changed 7 years ago by Antoine Martin

Description: modified (diff)
Milestone: current0.2
Resolution: fixed
Status: newclosed

Just tested this option on:

  • CentOS5.7-amd64
  • CentOS5.7-i386
  • CentOS6-amd64
  • CentOS6-i386
  • openSuse-11.3-amd64
  • openSuse-11.3-i386
  • openSuse-11.4-amd64
  • openSuse-11.4-i386
  • openSuse-12.1-amd64
  • openSuse-12.1-i386
  • fedora-15-amd64
  • fedora-15-i386
  • fedora-16-amd64
  • fedora-16-i386
  • fedora-17-amd64
  • fedora-17-i386
  • fedora-rawhide-amd64
  • fedora-rawhide-i386
  • lenny-amd64
  • lenny-i386
  • lucid-amd64
  • lucid-i386
  • natty-amd64
  • natty-i386
  • oneiric-amd64
  • oneiric-i386
  • precise-amd64
  • precise-i386
  • sid-amd64
  • sid-i386
  • squeeze-amd64
  • squeeze-i386
  • wheezy-amd64
  • wheezy-i386

And all worked as expected, so committed this in r707, added it to the milestone 0.2 page to make sure this gets tested again before release.

Here is a sample command line (as seen with ps) it generated:

Xvfb-for-Xpra-:9 +extension Composite \
   -screen 0 3840x2560x24+32 -nolisten tcp
   -noreset -auth /var/run/gdm/auth-for-antoine-fRs1Bw/database :9
Last edited 7 years ago by Antoine Martin (previous) (diff)
Note: See TracTickets for help on using tickets.