Debian-Image: by default port 6000 open
Rorschach
r0rschach at lavabit.com
Mon Aug 18 18:04:16 CEST 2008
On Mon, 18 Aug 2008 10:45:03 -0300
Joachim Breitner <nomeata at debian.org> wrote:
> A good point that you have discovered there. Maybe we override the X
> options in /etc/init.d/zhone-session? If you find out how to properly
> disable this, please let me know, so I can adjust the init.d file.
Okay, this is a bit fancy because we don't use startx. In early xinit versions, xinit itself checked for xserverrc, but today that's the job of startx. We don't use startx, so we have to make a workaround and not use xserverrc. That's imo not a good workaround (now just speculation follows, because I don't know what the correct way is, but I can think of what should be correct). A good workaround would be not using this /etc/init.d/zhone-session at all, but starting X like all normal systems do and starting zhone like any other window manager or whatever would be started.
I dunno what's up with zhone anyway and don't know why this is written in exactly that way. I guess/hope the one who wrote it had a good reason for this, because we're breaking standards compliance this way. We are checking for the user settings (a user-defined ~/.xserverrc would be respected) through xsession, which is fine, but we don't check global settings like xserverrc.
Nevertheless, the fix is giving xinit -nolisten tcp as an X server option, so behind the --, like this patch would do:
debian-gta02:~# diff /etc/init.d/zhone-session /etc/init.d/zhone-session.old
37c37
< start-stop-daemon --start --pidfile ${PIDFILE} --make-pidfile --background --exec ${PROG_XINIT} -- ${PROG_XSESSION} ${PROG_FSO} -- vt4 -nolisten tcp
---
> start-stop-daemon --start --pidfile ${PIDFILE} --make-pidfile --background --exec ${PROG_XINIT} -- ${PROG_XSESSION} ${PROG_FSO} -- vt4
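Review bot: the operands of the diff command are swapped (fixed file first, .old second), so in hunk 37c37 the "<" line carrying -nolisten tcp is the new one and the ">" line is the original; read as a patch, it describes taking the option out again. Regenerate it as diff -u /etc/init.d/zhone-session.old /etc/init.d/zhone-session so the direction is unambiguous. A short comment beside line 37 saying that the flag closes the X server's TCP listener would also help whoever adjusts the init.d file later.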
This works to our satisfaction:
debian-gta02:~# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp6 0 0 :::22 :::* LISTEN 0 1734 1108/dropbear
$ sudo nmap -sS -A 192.168.0.202
Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-18 17:47 CEST
SCRIPT ENGINE: rpcinfo.nse is not a file.
SCRIPT ENGINE: Aborting script scan.
Interesting ports on 192.168.0.202:
Not shown: 1713 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Dropbear sshd 0.51 (protocol 2.0)
MAC Address: 4A:72:79:A8:81:AD (Unknown)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.20
Uptime: 248.550 days (since Fri Dec 14 03:36:07 2007)
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.722 seconds
bye
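The two manual checks in this message (where the option sits relative to the -- separators, and what netstat shows), as an added example that is not part of the original post. The function names, the MISPLACED line and the BEFORE netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the post. It automates the two checks the post
# does by hand: the option is in the X server part, and no X port listens.

# Print the X server options of an xinit call wrapped in start-stop-daemon.
# The first bare "--" ends start-stop-daemon's own options; the second one
# separates xinit's client part from the server options.
x_server_opts() (
    set -f                      # no globbing while splitting the line
    seen=0 opts=""
    for word in $1; do
        if [ "$word" = "--" ]; then
            seen=$((seen + 1)); opts=""
        elif [ "$seen" -ge 2 ]; then
            opts="$opts $word"
        fi
    done
    printf '%s\n' "${opts# }"
)

has_nolisten_tcp() {
    case " $(x_server_opts "$1") " in
        *" -nolisten tcp "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read netstat -tln style lines on stdin, print local addresses of X11 TCP
# listeners. Display :N uses port 6000+N; the 6063 upper bound is this
# example's own choice.
x11_tcp_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":"); port = part[n] + 0
        if (port >= 6000 && port <= 6063) print $4
    }'
}

SSD='start-stop-daemon --start --pidfile ${PIDFILE} --make-pidfile --background --exec ${PROG_XINIT}'
FIXED="$SSD"' -- ${PROG_XSESSION} ${PROG_FSO} -- vt4 -nolisten tcp'      # line 37, fixed
OLD="$SSD"' -- ${PROG_XSESSION} ${PROG_FSO} -- vt4'                      # line 37, old
MISPLACED="$SSD"' -- ${PROG_XSESSION} ${PROG_FSO} -nolisten tcp -- vt4'  # constructed
BEFORE='tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 0 1650 1090/X
tcp6 0 0 :::22 :::* LISTEN 0 1734 1108/dropbear'                         # constructed
AFTER='tcp6 0 0 :::22 :::* LISTEN 0 1734 1108/dropbear'                  # from the post

for line in "$FIXED" "$OLD" "$MISPLACED"; do
    if has_nolisten_tcp "$line"; then echo "ok:   $(x_server_opts "$line")"
    else echo "FAIL: X would listen on TCP, server options: $(x_server_opts "$line")"; fi
done
printf '%s\n' "$BEFORE" | x11_tcp_listeners
```

The MISPLACED case fails because an option placed before the second -- is handed to the client side of xinit and never reaches the X server.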