plug TurboLinux

russ russ at powerstech.com
Thu Jun 11 11:40:48 WST 1998


Matt Kemner wrote:

> On Thu, 11 Jun 1998, russ wrote:
>
> ecurity reasons.. I don't know anything abour TurboLinux or how secure
> the lastest version is, but I do know that version 1.2 at least has a VERY
> VERY DANGEROUS security hole in it, which if you run X regularly could
> allow anybody to take over your machine at will.
>
> If you're running 1.2 or lower, and you're running X, locate the file
> /etc/X11/xinit/xinitrc ASAP and comment out the line
> xhost +
>
>  - I'm not kidding. In the words of Vincent Zweije (who wrote an excellent
> FAQ on running Remote X securely) "Xhost should be taken out and shot."
> http://www.xs4all.nl/~zweije/xauth.html
>

It did have that line in there and I have deleted it (just in case I forget
and put it back in).

Thanks!



> Then download
> ftp://ftp.turbolinux.com/pub/tl_updates/xinitrc-2.0-3TL.i386.rpm and
> install that (rpm -Uvh xinitrc-2.0-3TL.i386.rpm)
> It may be worthwhiel checking that tl_updates dir for other packages and
> installing them too for good measure.
>

Thanks again, I will.


> > Is this the right place for these questions? If not could
> > you point me in the right direction?
>
> You can ask anything you like about linux on this list, but asking any
> linux group about linux distributions is usually a bad idea unless you
> enjoy "religious" flamewars cos that's what they usually end up as. :)
> (don't discuss religion, politics or linux distributions with your friends
> :P)
>
>  - Matt

I'll remember that.


russ



More information about the plug mailing list