Bug 2759

This is a _high_ priority for me!  I wonder why it was intentionally
disabled?  I do a lot of work turning 486's into X terminals... I'd
like to see this fixed.  For now, I'm using an older xfs binary from
Mandrake 5.3.

This has been assigned to a developer for further review.

It was intentionally disabled because of _extreme_ security risk. What
specifically breaks for you?

The default should certainly remain XFS only listening locally.

What specifically breaks:
Running an i486 headless, and having an X-terminal with only 23 fonts.
A "lot of programs" break because they cannot find their desired
fonts... (bad programming :( ). Gnome does a good job of not using
available fonts.

Even "xfs -port 7100" doesn't work as expected, and there are no error
messages about tcp disabled.
I can accept disabling tcp by default, but how do I turn it on?

I spoke with Mike Fulbright at Linux Expo, and promised I'd send a
patch, which I have.  I also forwarded a copy to dkl.  The
original patch was really trivial, and so is mine; except that with
mine, supplying '-port 7100' will make it work.

I think using port directive in xfs config file should also make it
work with TCP. Just changing the default 7100 port to -1 should do the
job - xfs wouldn't normally listen for TCP connections, but specifying
-port xxx in command line or port xxx in .../xfs/config would enable
it.
We should patch the man page too.

As long as default remains XFS _doesn't_ listen on TCP - it has
security issues. I will get round to fixing them sometime :-))

*** Bug 3174 has been marked as a duplicate of this bug. ***

RH 5.2 xfs listens on UNIX port 7100 AND tcp port 7100 by
default. It also accepts the -port argument to change this.

RH 6 doc says the xfs in RH 6 will listen on tcp 7100 by
default.

It does not. It ONLY listens on UNIX port -1 !!!!

(information confirmed by netstat -at and netstat -ax, the
former revealing nothing relating to xfs even when xfs is
plainly running, the latter revealing a UNIX protocol port
at: /tmp/.font-unix/fs-1)

Neither does it accept the -port argument (well, it accepts
it, but it ignores it)

Instructions on page 4 Installation guide suggest putting
"Fontpath "tcp/localhost:7100" in XF86Config. This does not
work (for the above reasons). Only

	"Fontpath "unix/:-1"

works.

------- Additional Comments From dkl  06/01/99 18:26 -------


*** Bug 2514 has been marked as a duplicate of this bug. ***

In section 1.3.0.1 (Enhanced font support) of the
installation guide (I am looking at the electronic version
from the rhl-install-guide-en-6.0-2 rpm) you give
instructions for using the new font server instead of a
conventional fontpath.
Those direction say to use "tcp/localhost:7100" in the
fontpath.  However, the version of xfs in
XFree86-xfs-3.3.3.1-49 has intentionally had TCP
functionality removed (XFree86-3.3.3.1-xfsredhat.patch
modification of file
XFree86-3.3.3.1/xc/programs/xfs/os/connection.c).  The
correct instruction would be to use "unix/:-1" in the
fontpath.

*** Bug 3315 has been marked as a duplicate of this bug. ***

The version in xfs in XFree86-3.3.3.1-49 does not appear to
listen for incoming connections.
Copying xfs from a similar system running
XFree86-3.3.3.1-22  and running it allows telnet connections
to be made to port 7100 and a LISTEN entry shows up in
netstat -a

However, if  xfs from -49 is used then although an strace
reveals it to be waiting at a select, netstat -a makes no
mention of a service listening on 7100 and telnet 127.0.0.1
7100 yields connnection refused. The configuration file used
is the same in both cases.

*** Bug 2779 has been marked as a duplicate of this bug. ***

I always install everything.  The only things I remove
after is all of the foriegn language doc.  I have two
issues with X11.
One:  The Xconfigurator shows me a 32bbp 1620 x 1024  i do
not want this but the options I get to choose from are 8 16
and 24.  I would love to say 32bbp but only 1024 x 768.
I can not figure out to fix this manually.
Two:  After the install I noticed that terminal windows
woud look very bad with crazy snow apperaing all over the
windows when I would execute commands in the windows.  I
could clearit by minimizing the window and then opening
again.  I realized what the issue was when Xwindows quits.
I get a message saying it can not load the right font?
Let me know if I can give you more information.

------- Additional Comments From notting  05/13/99 10:17 -------
try running 'chkfontpath --add /usr/X11R6/lib/X11/fonts/75dpi' and
then '/etc/rc.d/init.d/xfs restart'.

*** Bug 3501 has been marked as a duplicate of this bug. ***

the xfs man page says that xfs opens TCP port 7100
by default.  however, commands which attempt to use
that port (xset, fsinfo, fslsinfo) fail indicating
that xfs isn't listening.  "lsof -p <xfs process>"
says:


# lsof -p 2120
COMMAND  PID USER   FD   TYPE     DEVICE    SIZE  NODE NAME
xfs     2120  xfs  cwd    DIR        3,5    1024     2 /
xfs     2120  xfs  rtd    DIR        3,5    1024     2 /
xfs     2120  xfs  txt    REG        3,5  391872 49207
/usr/X11R6/bin/xfs
xfs     2120  xfs  mem    REG        3,5  342206 28736
/lib/ld-2.1.1.so
xfs     2120  xfs  mem    REG        3,5  538944 28748
/lib/libm-2.1.1.so
xfs     2120  xfs  mem    REG        3,5 4016683 28741
/lib/libc-2.1.1.so
xfs     2120  xfs  mem    REG        3,5  251436 28772
/lib/libnss_nisplus-2.1.1.so
xfs     2120  xfs  mem    REG        3,5  364235 28749
/lib/libnsl-2.1.1.so
xfs     2120  xfs  mem    REG        3,5  243964 28766
/lib/libnss_files-2.1.1.so
xfs     2120  xfs    0u   CHR        1,3          2051
/dev/null
xfs     2120  xfs    1u   CHR        1,3          2051
/dev/null
xfs     2120  xfs    2u   CHR        1,3          2051
/dev/null
xfs     2120  xfs    3r  FIFO        0,0         33619 pipe
xfs     2120  xfs    4r  FIFO        0,0         33621 pipe
xfs     2120  xfs    5u   CHR      136,0             2
/dev/pts/0
xfs     2120  xfs    6r  FIFO        0,0         33804 pipe
xfs     2120  xfs    7u  sock        0,0         33814 can't
identify protocol
xfs     2120  xfs    8u  unix 0xccdbe8c0         33815
/tmp/.font-unix/fs-1
xfs     2120  xfs   10r  FIFO        0,0         33798 pipe
xfs     2120  xfs   12u   CHR      136,0             2
/dev/pts/0
xfs     2120  xfs   21w  FIFO        0,0         33798 pipe
#

which suggests that it has created a socket but not
bound a protocol (like TCP) nor a protocol endpoint
(like 7100) to it?

Fixed in errata XFree86-*-52 release. The default is still
not to serve via TCP, but you can now enable it if you want
to take the security risk/need this functionality...

IMO, this has still not been fixed, even using a recent RawHide RPM
(XFree86-xfs-3.3.5-1.6.0). I would expect the default
/etc/X11/fs/config file to contain a 'port 0' (or similar) to disable
the TCP socket bind. To re-enable the port, I would expect to just
uncomment that line (leaving xfs to assume port 7100 as default).

Instead, I find that the /etc/rc.d/init.d/xfs script contains a
softcoded switch to disable the TCP socket bind :

  start)
	echo -n "Starting X Font Server: "
	rm -fr /tmp/.font-unix
	daemon xfs -droppriv -daemon -port -1

Now I need to re-edit the script each time I upgrade the package. Am I
missing something?

--
Ross Golder <rossigee>

*** Bug 10212 has been marked as a duplicate of this bug. ***

XFree86 4.0.1 and later will not specify a -port option in the xfs init script,
so the default port will be used.  A new config file option "no-listen" has been
added, and the default is "no-listen tcp", so we will remain secure.

Upgraded systems are encouraged to include this option in their xfs config
files.