Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#59025 - [xorg-server] xserver by default listens on tcp sockets

Attached to Project: Arch Linux
Opened by Tommy Schmitt (spinka) - Friday, 15 June 2018, 20:29 GMT
Last edited by Andreas Radke (AndyRTR) - Sunday, 17 June 2018, 19:19 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Andreas Radke (AndyRTR)
Laurent Carlier (lordheavy)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No



Since xorg-xserver 1.20, xserver by default listens on tcp/tcp6 sockets on all network interfaces on port 6000+n (n=display number). Probably this happens due to missing 'listen-tcp' option in new, experimental meson build system[1]. In autotools it always defaulted to disabled[2].

It's not always noticeable as many tools (sddm,gdm,lightdm) pass explicit '-nolisten tcp' xserver argument. It can be seen while using xwayland under kwin wayland session[3][4] (test by running: 'kwin_wayland --xwayland').

Listening on tcp sockets on all network interfaces may be a security issue.

To fix this you can either patch meson build system or switch back to autotools which is more mature.


Steps to reproduce:

1. start xserver without '-nolisten tcp' argument.
2. Check for listening programs on 6000+ port (i.e. 'sudo ss -tunwrap')
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Sunday, 17 June 2018, 19:19 GMT
Reason for closing:  Fixed
Comment by loqs (loqs) - Friday, 15 June 2018, 23:33 GMT
To match autoconf defaults I believe should be set to 0 not 1.
Comment by Andreas Radke (AndyRTR) - Saturday, 16 June 2018, 06:37 GMT
I guess meson build shoud match autotools build system. So this is an upstream bug. And it should be discussed there what behavior is wanted to be the default one.
Comment by Tommy Schmitt (spinka) - Saturday, 16 June 2018, 12:20 GMT
@loqs thanks for pointing this file. Unfortunately I rebuilded xorg in clean chroot with attached patch and it hasn't any affect.
Comment by Tommy Schmitt (spinka) - Saturday, 16 June 2018, 13:10 GMT
The correct patch was posted on xorg-dev ML:

I tested it and it works as expected.
Comment by Laurent Carlier (lordheavy) - Sunday, 17 June 2018, 05:32 GMT
Please check with xorg-server-1.20.0-8 in testing
Comment by Tommy Schmitt (spinka) - Sunday, 17 June 2018, 12:29 GMT
xorg-server-1.20.0-8 fixes this issue. Thank you.