Bugtraq mailing list archives
Re: XFREE86 can block reserved ports
From: abelits () PHOBOS ILLTEL DENVER CO US (Alex Belits)
Date: Wed, 6 Aug 1997 08:35:25 -0700
On Wed, 6 Aug 1997, Willy TARREAU wrote:
Hello, and sorry if it is already known stuff. XFree86, as any X-server, uses TCP ports 6000 and above to listen to, waiting for incoming connections. Any user can choose his display number simply by starting "X :0" or "X :2500" or "X :any_display". The X server automatically chooses its port by adding the display number to 6000. But as the ports are 16-bits coded, port 65536 equals 0, so displays 59536 to 65535 generate listening sockets on ports 0 to 5999. And as the X-server runs suid root, any user can use it to block known ports before a daemon starts using it. For example, it would be possible to use display 59556 = port 20 to prevent ftp server from transfering data with remote systems.
This is one more reason to remove setuid bit from X server. xdm starts local X server just fine.
It is even possible to run a server on any port <= 1023 to disable local rlogin/rsh from the local host.
Considering the level of security provided by checking outgoing port number, creating trouble for the use of this feature can be considered a security enhancement ;-) -- Alex
Current thread:
- Re: SSH LocalForward Sevo Stille (Aug 02)
- <Possible follow-ups>
- Re: SSH LocalForward Sevo Stille (Aug 03)
- Re: SSH LocalForward long-morrow () CS YALE EDU (Aug 03)
- Re: SSH LocalForward Kyle Amon (Aug 04)
- Netscape Referer header considered harmful? Ronald L. Parker (Aug 04)
- Re: Netscape Referer header considered harmful? Eric Murray (Aug 06)
- Re: SSH LocalForward Bryan Andregg (Aug 05)
- SGI Security Advisory 19970509-02-PX - IRIX ordist Buffer Overrun SGI Security Coordinator (Aug 05)
- IMAPd scans Steve Herman (Aug 06)
- XFREE86 can block reserved ports Willy TARREAU (Aug 06)
- Re: XFREE86 can block reserved ports Alex Belits (Aug 06)
- Re: SSH LocalForward Kyle Amon (Aug 04)