Bug 61088

Summary: X listening on port 6000 cannot be disabled
Product: [Retired] Red Hat Linux Reporter: Scott Sharkey <ssharkey>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED CURRENTRELEASE QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-11-01 21:33:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Scott Sharkey 2002-03-13 13:43:40 UTC 
Description of Problem:

RH 7.2 with all errata applied. X is listening on port 6000 by default.  I
cannot stop X listening.  I have edited both /etc/X11/xdm/Xservers and 
/etc/X11/gdm/gdm.conf (GDM is running) and added the -nolisten tcp option
to the command line for X, but it does not stop X listening on 6000.

Version-Release number of selected component (if applicable):

7.2

How Reproducible:

Always

Steps to Reproduce:
1. edit /etc/X11/xdm/Xservers and /etc/X11/gdm/gdm.conf
2. Add -nolisten tcp to the :0 and 0= lines respectively
3. reboot and use netstat -ant to check for port 6000
4. I have also tried --nolisten tcp without effect

Actual Results:

X is still listening on port 6000

Expected Results:

X should not be listening on port 6000

Additional Information:

I notice with ps ax that the command line that starts X is
actually /etc/X11/X :0 -auth /var/gdm/:0.Xauth 
while gdm.conf shows 0=/usr/bin/X11/X -nolisten tcp
and Xservers shows :0 local /usr/X11R6/bin/X -nolisten tcp

so - where is X actually being started?
Comment 1 Havoc Pennington 2002-03-13 18:01:51 UTC 
If I edit gdm.conf to have "-nolisten tcp" then I can see the "-nolisten tcp" in
the ps output, and I do not see a port 6000 in netstat. I'm using a beta version
of the next release but the gdm package is essentially unchanged from 7.2.

In any case changing severity->normal, because it isn't an exploitable security
hole, just a possible complication in locking down a configuration more than the
default.

A workaround is to firewall port 6000, of course.

Is your install modified in some way? Maybe the gdm.conf file is not being
parsed successfully? Can you try making the change via "gdmconfig" and see if it
helps?

(Note you don't have to reboot to try changes, just "telinit 3" to shut down X
then "telinit 5" to go back to X.)
Comment 2 Ray Strode [halfline] 2004-11-01 21:33:19 UTC 
Hi,

I'm closing this bug because it's rather old and is probably not an
issue anymore.  If you can still reproduce this problem, feel free to
reopen.