[CLUE-Tech] quick and dirty way to let a solaris app run on linux xserver?

David Anselmi anselmi at americanisp.net
Wed Jul 17 19:17:18 MDT 2002 

Lynn Danielson wrote:
 >
> That should work.  I was stunned at Dave's follow up! ...
> 
> Dave Price  wrote:
>  > SOLVED: ... it was suggested that debian does not listen for tcp
>  > connection to X by default

[...]

> I assume that this is done for security reasons.  But setting X up
> this way breaks what all of us expect to simply work.  Does anyone
> know if there is a security option thats sets this up during Debian
> installation?  To set up X this way by default in a "standard" Linux
> distribution seems asinine to me.

Well, I don't know.  For your typical behind-a-firewall-workstation 
there is little security rationale for making this the default.  Places 
that care will hae a well thought policy rather than defaults.  In a 
home-dialup-wide-open- (or cable-wide-open-and-fast-too-) workstation, 
security rationale goes out the window.  Maybe it makes sense.

I don't know if this is announced during install, nor if it is really a 
default--my debian boxes don't have X.

As for asinine, is it any worse than Mandrake's "let me check your home 
dir permissions frequently and reset them" security manager?  It seems 
really brain damaged to me to change something that was probably changed 
by root on purpose.  And if the thing is going to be obnoxious, it could 
at least be LOUD and obnoxious so you'd know what was responsible.

I guess I don't know enough *nix to expect particular behaviors like 
this.  I have to go read the man page (several times, usually) to figure 
out what works, much less what doesn't.  But I like that particular kind 
of pain.

It might be nice if something like Bastille could become the standard 
security tool.  I hate hand-holding configurators because I'd much 
rather know how things work than how to point and click (it's the hiding 
the config files, not the GUI).  I don't have time to learn all the 
different interfaces.  At least Bastille will tell you what it's doing 
and provide some education.  But alas it is only available for RH and 
Mdk.  Support for others has been RSN for a few months at least.

There ought to be a way to write Bastille so it ports easily.  One more 
project on the shelf for lack of time.  Sigh.

Sorry to digress.

Dave

More information about the clue-tech mailing list