Re: mate-session listening socket lockdown

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, Apr 16, 2015 at 6:52 PM, Troy Engel <troyengel+arch@xxxxxxxxx> wrote:
> Doing a little hardening, I notice on my workstations that
> 'mate-session' activates a user-level listening socket on 0.0.0.0 that
> you can telnet into and slam with gibberish (and it doesn't exit) --
> does anyone know how to set up a config to lock that to 127.0.0.1 and
> ::1?
>
> $ netstat -lntp | grep mate-session
> tcp        1      0 0.0.0.0:60715           0.0.0.0:*
> LISTEN      24246/mate-session
> tcp6       0      0 :::50621                :::*
> LISTEN      24246/mate-session
>
> $ telnet localhost 60715
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> HELP
> asdas
> asd
> a
> asd
> a
> ^]
> telnet> close
> Connection closed.
>
> I've had a perusal of the source[1] and see that it's some sort of
> "xmp" thing, but I freely admit I don't do a lot of debugging in this
> area of the X world (I'm a server guy). Any pointers what this is for
> and how I can get it locked down? The gconf schema file doesn't have a
> setting, perhaps it's configured somewhere else?
>
> The Googletubes are failing me, or maybe I just don't understand what
> I should be googling for to get the right hits...
>
> thx!
> -te
>
> [1] https://github.com/mate-desktop/mate-session-manager/tree/1.8/mate-session


Why not just drop external connecitons using a firewall [0] rule?
[0] https://wiki.archlinux.org/index.php/Iptables


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux