How to make X listen tcp again?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

How to make X listen tcp again?

Roderick

The default changed, X does not receive Tcp connections. In FreeBSD
I solved the problem with a file .xserverrc in my home directory
with

exec /usr/X11R6/bin/Xorg -listen tcp

But this does not work with OpenBSD 6.4 (X does not even
execute .xinitrc, I start X with xinit).

Any hint?

Thanks
Rodrigo

Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

Roderick

Well, now the way below reads .xinitrc, perhaps a lapsus when typing before.

With "ssh -X" on the X server I get widgets from the remote server,
but not without "ssh -X".

Typing in the remote computer I get the following error:

# env DISPLAY=192.168.178.47:0.0 xterm
xterm: Xt error: Can't open display: 192.168.178.47:0.0

Is there another new security measure I do not know?

BTW: I did "xhost +" in the server.

Rodrigo

On Sat, 9 Mar 2019, Roderick wrote:

>
> The default changed, X does not receive Tcp connections. In FreeBSD
> I solved the problem with a file .xserverrc in my home directory
> with
>
> exec /usr/X11R6/bin/Xorg -listen tcp
>
> But this does not work with OpenBSD 6.4 (X does not even
> execute .xinitrc, I start X with xinit).

Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

Robert Paschedag
On 3/9/19 2:03 PM, Roderick wrote:

>
> Well, now the way below reads .xinitrc, perhaps a lapsus when typing
> before.
>
> With "ssh -X" on the X server I get widgets from the remote server,
> but not without "ssh -X".
>
> Typing in the remote computer I get the following error:
>
> # env DISPLAY=192.168.178.47:0.0 xterm
> xterm: Xt error: Can't open display: 192.168.178.47:0.0
>
> Is there another new security measure I do not know?

I think you also need the "-Y" option in ssh.

Robert

>
> BTW: I did "xhost +" in the server.
>
> Rodrigo
>
> On Sat, 9 Mar 2019, Roderick wrote:
>
>>
>> The default changed, X does not receive Tcp connections. In FreeBSD
>> I solved the problem with a file .xserverrc in my home directory
>> with
>>
>> exec /usr/X11R6/bin/Xorg -listen tcp
>>
>> But this does not work with OpenBSD 6.4 (X does not even
>> execute .xinitrc, I start X with xinit).
>

Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

Roderick

On Sat, 9 Mar 2019, Robert Paschedag wrote:
>
> I think you also need the "-Y" option in ssh.

Thanks, but perhaps I did not express myself correct.

I do not want to use ssh. No encription of X11. Just to do as I always
did: call an x client specifying a remote display (OpenBSD) either
with envirenment variable DISPLAY or with the option -display.

Rodrigo


Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

chohag
In reply to this post by Roderick
Roderick writes:

>
> The default changed, X does not receive Tcp connections. In FreeBSD
> I solved the problem with a file .xserverrc in my home directory
> with
>
> exec /usr/X11R6/bin/Xorg -listen tcp
>
> But this does not work with OpenBSD 6.4 (X does not even
> execute .xinitrc, I start X with xinit).
>
> Any hint?

Yes: you would be better off using xenodm and editing
/etc/X11/xenodm/Xservers, with a script and a doas config around 'rcctl
start xenodm' if you really must start it manually, but if you don't
want to do that for whatever poorly-considered reasons then xinit does
in fact use the xserver and xinit rc scripts provided they're not
overridden on the command line or in the environment:

    /*
     * if no server arguments given, check for a startup file and copy
     * that into the argument list
     */
    if (!server_given) {
        char *cp;
        Bool required = False;

        xserverrcbuf[0] = '\0';
        if ((cp = getenv("XSERVERRC")) != NULL) {
            snprintf(xserverrcbuf, sizeof(xserverrcbuf), "%s", cp);
            required = True;
        } else if ((cp = getenv("HOME")) != NULL) {
            snprintf(xserverrcbuf, sizeof(xserverrcbuf),
                     "%s/%s", cp, XSERVERRC);
        }

        etc.

Also you're right: X does not execute .xinitrc. xinit does that.

Matthew

Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

Roderick
On Sat, 9 Mar 2019, [hidden email] wrote:

> > Any hint?
>
> Yes: [...]

Did you try it?

BTW, I started xenodm, logged in, did "xhost +", tried to run an
X client on another compiter with this display, and got the same
error.

Rodrigo

Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

Christian Weisgerber
In reply to this post by Roderick
On 2019-03-09, Roderick <[hidden email]> wrote:

> The default changed, X does not receive Tcp connections.

In addition, the default /etc/pf.conf blocks connections to the
X11 server:

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

chohag
In reply to this post by Roderick
Roderick writes:
> On Sat, 9 Mar 2019, [hidden email] wrote:
>
> > > Any hint?
> >
> > Yes: [...]
>
> Did you try it?

No but I think you missed the part where I said "and editing
/etc/X11/xenodm/Xservers" which is the where the server binary's options
(and server binary) are specified. For what it's worth I run a rather
unusual X configuration so I've had to dig into X' startup sequence
quite extensively.

I can't come up with any reason why the ability to listen on plain TCP
has been completely restricted, though if it has I can understand it
because having X listen on TCP is nuts[*], but if you want to customise
the X server which xenodm starts, eg. by allowing it to listen on
TCP, that will be the place to do it.

That said, I think the ssh -X solution is a lot more sensible.

Matthew

[*] This doesn't stop me but in my case the X server runs on linux so
not applicable to your case.

Reply | Threaded
Open this post in threaded view
|

Re: How to make X listen tcp again?

Roderick
In reply to this post by Christian Weisgerber

Thanks for the short and helpful answer.

It was my error. I shouuld have read pf.conf

Anyway: It is a very reasonable security measure.

Rodrigo


On Sat, 9 Mar 2019, Christian Weisgerber wrote:

> On 2019-03-09, Roderick <[hidden email]> wrote:

> In addition, the default /etc/pf.conf blocks connections to the
> X11 server:
>
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010