[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kwm listening to port 1024



Hi

Out of interest, I looked a bit in the sources of kdm (which are
based on xdm, and are probably similar in behaviour).

After looking around a bit, I saw (what was expected) it listen(2)s
on an unbound socket and thus gets 1024 (the first free non-priviledged
port). It seemed this socket is somehow connnected to the chooser,
but I didn't want to look further.

Then I decided was the time for google.
I searched on google for 'xdm chooser socket', and the first answer
gave a full description of the subject. It seems to be a real
vulnerability.
I recommend to everyone interested to read it.
For reference, it's at
http://www-uxsup.csx.cam.ac.uk/~pjb1008/project/xdm-socket/

Besides what this article says, I do not know how to make *dm not
listen. Note I do not allow (in Xaccess) anyone to use me as a
chooser (that is, no uncommented CHOOSER line), and it still
listens.

	didi

On Tue, Aug 07, 2001 at 10:37:03AM +0300, Dan Kenigsberg wrote:
> Thanks for your replies. 
> May I please be more accurate:
> 
> When I run netstat -lp as a regular user I get
> Proto Recv-Q Send-Q Local Address  Foreign Address State    PID/Program name
> tcp        0      0 *:1024            *:*          LISTEN   620/kwm
> 
> but when I run it as root, I get
> tcp        0      0 *:1024            *:*          LISTEN   605/kdm             
> 
> As you can see (and could've tested, if only you new my IP), it is world
> accessible. Just telnet in.
> I know I can block it with packet filtering, but this is not the question.
> I wonder why kdm needs this non-previliged listening port, why I cannot find
> trace of it in Google, and how can I close it.
> 
> Dan.
> 
> > > On Mon, Aug 06, 2001, Dan Kenigsberg wrote about "listening to port 1024":
> > > 
> > >>Hi.
> > >>
> > >>I'm running kde on my RH7.1. I noticed that I am listening to port 1024.
> > >>nmap says this belongs to kdm, but I did not find very much about it (what is it
> > >>for, and how to disable it) anywhere.
> > >>
> > >>What do you say?
> > >>
> > > 
> > > To check which program is listening to a given port, run (as root! That's
> > > important!)
> > > 	lsof -i
> > > 
> > > For example on my system I see
> > > rpc.mount   644 root    3u  IPv4   1254       UDP *:1024 
> > > 
> > > So that the mount daemon is using (UDP, not TCP) port 1024 (but not listening
> > > on it, by the way).
> > > 
> > > What does lsof -i show on your system for port 1024?
> > > 
> > > 1024 is the first non-priviliged port, so the first application on the system
> > > that needs a random port is likely to get this number. I have no idea where
> > > nmap got the idea that "this belongs to kdm".
> > > 
> > > 
> > 
> > 
> > 
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
> > 
> 
> 
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il