Debian-Image: by default port 6000 open

Rorschach r0rschach at lavabit.com
Mon Aug 18 18:04:16 CEST 2008


On Mon, 18 Aug 2008 10:45:03 -0300
Joachim Breitner <nomeata at debian.org> wrote:

> A good point that you have discovered there. Maybe we override the X
> options in /etc/init.d/zhone-session? If you find out how to properly
> disable this, please let me know, so I can adjust the init.d file.


Okay, this is a bit fancy because we don't use startx. In early xinit versions, xinit itself checked for xserverrc, but today that's the job of startx. We don't use startx, so we have to make a workaround and not use xserverrc. That's imo not a good workaround (now just speculation follows, because I don't know what the correct way is, but I can think about what should be correct). A good workaround would be not using this /etc/init.d/zhone-session at all, but starting X like all normal systems do, and zhone would be started like any other window manager or whatever.

I dunno what's up with zhone anyway and don't know why this is written in exactly that way. I guess/hope the one who wrote it had a good reason for this, because we're breaking standards compliance this way. We are checking for the user settings (a user-defined ~/.xserverrc would be respected) through xsession, which is fine, but we don't check global settings like xserverrc.


Nevertheless, the fix is giving xinit -nolisten tcp as an X server option, so behind the --, like this patch would do:

debian-gta02:~# diff /etc/init.d/zhone-session /etc/init.d/zhone-session.old 
37c37
<         start-stop-daemon --start --pidfile ${PIDFILE} --make-pidfile --background --exec ${PROG_XINIT} -- ${PROG_XSESSION} ${PROG_FSO} -- vt4 -nolisten tcp
---
>         start-stop-daemon --start --pidfile ${PIDFILE} --make-pidfile --background --exec ${PROG_XINIT} -- ${PROG_XSESSION} ${PROG_FSO} -- vt4
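
Review bot: the diff at line 37 was generated with the patched file first and zhone-session.old second, so the line carrying -nolisten tcp is on the "<" side and applying this output as a patch would remove the option instead of adding it. Regenerate it as diff -u /etc/init.d/zhone-session.old /etc/init.d/zhone-session so the new option shows up on the added line, and consider a comment in the init script noting that the option has to stay after the second --, since that is where the X server options go.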

This works to our satisfaction:

debian-gta02:~# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp6       0      0 :::22                   :::*                    LISTEN      0          1734        1108/dropbear


$ sudo nmap -sS -A 192.168.0.202
 
Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-18 17:47 CEST
SCRIPT ENGINE: rpcinfo.nse is not a file.
SCRIPT ENGINE: Aborting script scan.
Interesting ports on 192.168.0.202:
Not shown: 1713 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     Dropbear sshd 0.51 (protocol 2.0)
MAC Address: 4A:72:79:A8:81:AD (Unknown)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.20
Uptime: 248.550 days (since Fri Dec 14 03:36:07 2007)
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.722 seconds

bye
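
Added example, not part of the original post: a shell check that repeats the two verifications above, reading netstat output for listeners in the X11 port range and confirming that -nolisten tcp sits among the X server arguments of the init script line. The function names, the 6000-6063 range and the sample netstat text are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post.
# X display :N listens on TCP port 6000+N; 6000-6063 is the range assumed here.

# Read `netstat -tln` style output on stdin and print the local address of
# every listening TCP socket whose port falls in the X11 range.
x11_tcp_listeners() {
    awk '
        $1 ~ /^tcp/ && /LISTEN/ {
            port = $4
            sub(/.*:/, "", port)    # keep the digits after the last colon
            if (port ~ /^[0-9]+$/ && port + 0 >= 6000 && port + 0 <= 6063)
                print $4
        }'
}

# Succeed only if "-nolisten tcp" appears among the X server arguments, i.e.
# after the last " -- " of the command line passed as $1. The same words in
# front of that separator go to the client and do not close the port.
xinit_disables_tcp() {
    case "$1" in
        *" -- "*) server_args=${1##*" -- "} ;;
        *) return 1 ;;
    esac
    case " $server_args " in
        *" -nolisten tcp "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data (not captured from the device in the post).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp6       0      0 :::6000                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'
# The two init script lines from the diff in the post, variables left unexpanded.
OLD_LINE='start-stop-daemon --start --pidfile ${PIDFILE} --make-pidfile --background --exec ${PROG_XINIT} -- ${PROG_XSESSION} ${PROG_FSO} -- vt4'
NEW_LINE="$OLD_LINE -nolisten tcp"

printf '%s\n' "$SAMPLE_NETSTAT" | x11_tcp_listeners | sed 's/^/X11 TCP listener: /'
for line in "$OLD_LINE" "$NEW_LINE"; do
    if xinit_disables_tcp "$line"; then
        echo "ok:   server args include -nolisten tcp"
    else
        echo "weak: server args lack -nolisten tcp"
    fi
done
```

On a live system, feed it real output with `netstat -tln | x11_tcp_listeners`; an empty result means nothing is listening in the X11 port range.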