[Bug 795791] New: Xorg listens tcp port 6001 by default on displays other than :0
https://bugzilla.novell.com/show_bug.cgi?id=795791 https://bugzilla.novell.com/show_bug.cgi?id=795791#c0 Summary: Xorg listens tcp port 6001 by default on displays other than :0 Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: openSUSE 12.1 Status: NEW Severity: Normal Priority: P5 - None Component: X.Org AssignedTo: bnc-team-xorg-bugs@forge.provo.novell.com ReportedBy: sergey.ext@gmail.com QAContact: xorg-maintainer-bugs@forge.provo.novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Firefox/17.0 When I start additional X displays using "switch user", newly created Xorg precesses lack "-nolisten tcp" option and listen ports 6001,6002,... on all network interfaces. "Steps to reproduce" are listed for kde4. Reproducing on gnome should me similar. Results are reproducible on newly installed system. Reproducible: Always Steps to Reproduce: 1. Click "Application Launcher Menu"->"Leave"->"Switch user" 2. Click "New session" on the pop-up at the top of the screen 3. Switch back to your session, get a terminal and check results (See actual and expected results) Actual Results: I started two additional displays (3 displays in all) and got the following: $ ps ax | grep Xorg 6584 tty8 Ss+ 4:01 /usr/bin/Xorg -br :0 vt8 -nolisten tcp -auth /var/lib/xdm/authdir/authfiles/A:0-nmrPBb 8247 tty9 Ss+ 0:34 /usr/bin/Xorg -br :1 vt9 -auth /var/lib/xdm/authdir/authfiles/A:1-BwMEba 10078 tty11 Ss+ 0:03 /usr/bin/Xorg -br :2 vt11 -auth /var/lib/xdm/authdir/authfiles/A:2-vuDelc $ sudo netstat -lpn --tcp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 8247/Xorg tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 10078/Xorg .... Expected Results: Expected that Xorg will not listen any TCP ports on all interfaces by default. I asked a question at the forum: https://forums.opensuse.org/english/get-technical-help-here/install-boot-log... OpenSUSE 12.2 is also affected. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=795791 https://bugzilla.novell.com/show_bug.cgi?id=795791#c1 Henk van Velden <henk.vanvelden@xs4all.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |henk.vanvelden@xs4all.nl --- Comment #1 from Henk van Velden <henk.vanvelden@xs4all.nl> 2012-12-23 10:51:48 UTC --- I can confirm that the same happens on 12.2. I consider thi as a security bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=795791 https://bugzilla.novell.com/show_bug.cgi?id=795791#c2 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|X.Org |KDE4 Workspace AssignedTo|bnc-team-xorg-bugs@forge.pr |kde-maintainers@suse.de |ovo.novell.com | QAContact|xorg-maintainer-bugs@forge. |qa-bugs@suse.de |provo.novell.com | --- Comment #2 from Stefan Dirsch <sndirsch@suse.com> 2013-01-02 10:54:50 UTC --- Additional Xsessions are started by the DM. According to the forum dicsussion KDM is the culprit here. Reassigning. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=795791 https://bugzilla.novell.com/show_bug.cgi?id=795791#c3 Stakanov Schufter <stakanov@freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stakanov@freenet.de --- Comment #3 from Stakanov Schufter <stakanov@freenet.de> 2013-12-10 20:05:03 UTC --- I hope that somebody is after this because it is perfectly valid for opensuse 13.1 with kde 4.11.3 sudo netstat -lpn --tcp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 4546/Xorg tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 4955/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2113/master tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 3372/Xorg tcp 0 0 :::6002 :::* LISTEN 4546/Xorg tcp 0 0 :::631 :::* LISTEN 1/init tcp 0 0 :::6001 :::* LISTEN 3372/Xorg I found this via zenmap telling me that I was listening on 6001 and 6002. Then via google I found this. Is there a workaround for kdm in the meantime to get rid of X listening? The scenario is exactly the one of the OP. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=795791 https://bugzilla.novell.com/show_bug.cgi?id=795791#c4 Stakanov Schufter <stakanov@freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|KDE4 Workspace |KDE4 Workspace Product|openSUSE 12.1 |openSUSE 13.1 OS/Version|openSUSE 12.1 |openSUSE 13.1 --- Comment #4 from Stakanov Schufter <stakanov@freenet.de> 2014-01-02 12:14:20 UTC --- Proven and 100% repeatable with fresh install, 64 bit version, problem seems to lie in kdm.rc Settings via yast are ignored. The 32 bit version seems not affected, afaik. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=795791 https://bugzilla.novell.com/show_bug.cgi?id=795791#c5 --- Comment #5 from Stakanov Schufter <stakanov@freenet.de> 2014-02-23 17:54:07 UTC --- 4.11.6 opensuse 13.1 fresh install. Opensuse did proudly listen on the ports as of above. So, kdmrc lists: serverargs=nolisten (commented out stating: if nothing listed, default so nolisten). Since the defaults are nor respected and X does listen on 6001,6002 ecc, who say to me actually that the setting "local only" is respected. There is the following workaround that for now does stop the problem. You go to /usr/share/kde4/config/kdm/kdmrc and set the serverags=nolisten explicit. Then it stops but every update of KDE it has to be apparently redone. Default values should do this correctly, so why do we have this problem since 12.1? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=795791 Stakanov Schufter <stakanov@freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- OS|openSUSE 13.1 |openSUSE 13.2 --- Comment #6 from Stakanov Schufter <stakanov@freenet.de> --- this is still the case with a fresh install of 13.2. The only thing that can stop listening X on 6001 when you have a multiuser system is to set "- nolisten tcp" as an argument in /usr/share/kde4/config/kdm/kdmrc as is: # Additional arguments for the X-servers for local sessions. # This string is subject to word splitting. # Default is "" ServerArgsLocal=-nolisten tcp if you do this, it stops. If not, the settings in yast and the settings for kdm are there but simply not honoured. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com