FS#59025 : [xorg-server] xserver by default listens on tcp sockets

FS#59025 - [xorg-server] xserver by default listens on tcp sockets

Attached to Project: Arch Linux
Opened by Tommy Schmitt (spinka) - Friday, 15 June 2018, 20:29 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 17 June 2018, 19:19 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Andreas Radke (AndyRTR) Laurent Carlier (lordheavy)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	3 Mel (Mel) (2018-06-16) loqs (loqs) (2018-06-15) Tommy Schmitt (spinka) (2018-06-15)
Private	No

Details

Description:

Since xorg-xserver 1.20, xserver by default listens on tcp/tcp6 sockets on all network interfaces on port 6000+n (n=display number). Probably this happens due to missing 'listen-tcp' option in new, experimental meson build system[1]. In autotools it always defaulted to disabled[2].

It's not always noticeable as many tools (sddm,gdm,lightdm) pass explicit '-nolisten tcp' xserver argument. It can be seen while using xwayland under kwin wayland session[3][4] (test by running: 'kwin_wayland --xwayland').

Listening on tcp sockets on all network interfaces may be a security issue.

To fix this you can either patch meson build system or switch back to autotools which is more mature.

[1] https://cgit.freedesktop.org/xorg/xserver/tree/meson_options.txt
[2] https://cgit.freedesktop.org/xorg/xserver/tree/configure.ac#n422
[3] https://bugs.kde.org/show_bug.cgi?id=395419#c9
[4] https://bugs.freedesktop.org/show_bug.cgi?id=106573

Steps to reproduce:

1. start xserver without '-nolisten tcp' argument.
2. Check for listening programs on 6000+ port (i.e. 'sudo ss -tunwrap')

This task depends upon

Closed by Andreas Radke (AndyRTR)
Sunday, 17 June 2018, 19:19 GMT
Reason for closing: Fixed

Comment by loqs (loqs) - Friday, 15 June 2018, 23:33 GMT

To match autoconf defaults I believe https://cgit.freedesktop.org/xorg/xserver/tree/include/meson.build#n157 should be set to 0 not 1.

Comment by Andreas Radke (AndyRTR) - Saturday, 16 June 2018, 06:37 GMT

I guess meson build shoud match autotools build system. So this is an upstream bug. And it should be discussed there what behavior is wanted to be the default one.

Comment by Tommy Schmitt (spinka) - Saturday, 16 June 2018, 12:20 GMT

@loqs thanks for pointing this file. Unfortunately I rebuilded xorg in clean chroot with attached patch and it hasn't any affect.

meson.diff (0.4 KiB)

Comment by Tommy Schmitt (spinka) - Saturday, 16 June 2018, 13:10 GMT

The correct patch was posted on xorg-dev ML: https://lists.x.org/archives/xorg-devel/2018-June/057142.html

I tested it and it works as expected.

Comment by Laurent Carlier (lordheavy) - Sunday, 17 June 2018, 05:32 GMT

Please check with xorg-server-1.20.0-8 in testing

Comment by Tommy Schmitt (spinka) - Sunday, 17 June 2018, 12:29 GMT

xorg-server-1.20.0-8 fixes this issue. Thank you.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#59025 - [xorg-server] xserver by default listens on tcp sockets

Details

Loading...