Xphoton security settings

Our network security staff have complained that our QNX 6 boxes present an
open X server to the network, which violates our security policies. We’re
running Photon configured as per a plain vanilla standard install. Is there
a way to restrict access to Xphoton to only the local machine, such as you
would do with xhost commands? Or if not, is there an easy way to disable it
entirely, while still allowing QNX X applications (primarily DDD) to operate
with a remote X server?

Thanks,

Marty Doane
Siemens Dematic

Anyone? I’ve confirmed that the Xphoton server is open to the network, and I
can’t find xhost or any other way to configure this.

–
Marty Doane
Siemens Dematic

“Marty Doane” <marty.doane@rapistan.com> wrote in message
news:a7qoen$q1m$1@inn.qnx.com…

Our network security staff have complained that our QNX 6 boxes present an
open X server to the network, which violates our security policies. We’re
running Photon configured as per a plain vanilla standard install. Is
there
a way to restrict access to Xphoton to only the local machine, such as you
would do with xhost commands? Or if not, is there an easy way to disable
it
entirely, while still allowing QNX X applications (primarily DDD) to
operate
with a remote X server?

Thanks,

Marty Doane
Siemens Dematic

You should try xfree86
http://www.sourceforge.net/projects/openqnx

Marty Doane <marty.doane@rapistan.com> wrote:

Anyone? I’ve confirmed that the Xphoton server is open to the network, and I
can’t find xhost or any other way to configure this.

–
Marty Doane
Siemens Dematic

“Marty Doane” <> marty.doane@rapistan.com> > wrote in message
news:a7qoen$q1m$> 1@inn.qnx.com> …
Our network security staff have complained that our QNX 6 boxes present an
open X server to the network, which violates our security policies. We’re
running Photon configured as per a plain vanilla standard install. Is
there
a way to restrict access to Xphoton to only the local machine, such as you
would do with xhost commands? Or if not, is there an easy way to disable
it
entirely, while still allowing QNX X applications (primarily DDD) to
operate
with a remote X server?

Thanks,

Marty Doane
Siemens Dematic

phearbear <phearbear@spray.se> wrote:

i THINK /usr/X11R6/lib/X11/xserver/SecurityPolicy
is the file setting access permissions etc, it should be standard x11
file , so you might find somewhere online what it is to contain.

if he grabs the xfree86, he should have this file.
but based on his emails, I don’t think he needs that level of security.

the default config of xfree86 should meet his need, and he can also
use the included xhost to fine tune it.

Frank

I have a /usr/X11R6/lib/X11/ directory, but there’s no xserver subdirectory
in it, nor any SecurityPolicy file that I can find anywhere in the /usr
tree.

–
Marty Doane
Siemens Dematic

“phearbear” <phearbear@spray.se> wrote in message
news:3CA885F6.20702@spray.se…

fliu@bb.vipstage.com > wrote:
You should try xfree86
http://www.sourceforge.net/projects/openqnx

Marty Doane <> marty.doane@rapistan.com> > wrote:

Anyone? I’ve confirmed that the Xphoton server is open to the network,
and I
can’t find xhost or any other way to configure this.

\

Marty Doane
Siemens Dematic


“Marty Doane” <> marty.doane@rapistan.com> > wrote in message
news:a7qoen$q1m$> 1@inn.qnx.com> …

Our network security staff have complained that our QNX 6 boxes present
an
open X server to the network, which violates our security policies.
We’re
running Photon configured as per a plain vanilla standard install. Is

there

a way to restrict access to Xphoton to only the local machine, such as
you
would do with xhost commands? Or if not, is there an easy way to
disable

it

entirely, while still allowing QNX X applications (primarily DDD) to

operate

with a remote X server?

Thanks,

Marty Doane
Siemens Dematic






i THINK /usr/X11R6/lib/X11/xserver/SecurityPolicy
is the file setting access permissions etc, it should be standard x11
file , so you might find somewhere online what it is to contain.

fliu@bb.vipstage.com wrote:

You should try xfree86
http://www.sourceforge.net/projects/openqnx

Marty Doane <> marty.doane@rapistan.com> > wrote:

Anyone? I’ve confirmed that the Xphoton server is open to the network, and I
can’t find xhost or any other way to configure this.

\

Marty Doane
Siemens Dematic


“Marty Doane” <> marty.doane@rapistan.com> > wrote in message
news:a7qoen$q1m$> 1@inn.qnx.com> …

Our network security staff have complained that our QNX 6 boxes present an
open X server to the network, which violates our security policies. We’re
running Photon configured as per a plain vanilla standard install. Is

there

a way to restrict access to Xphoton to only the local machine, such as you
would do with xhost commands? Or if not, is there an easy way to disable

it

entirely, while still allowing QNX X applications (primarily DDD) to

operate

with a remote X server?

Thanks,

Marty Doane
Siemens Dematic


\

i THINK /usr/X11R6/lib/X11/xserver/SecurityPolicy
is the file setting access permissions etc, it should be standard x11
file , so you might find somewhere online what it is to contain.

I’ve now got a /usr/X11R6/lib/X11/xserver/SecurityPolicy file in place, and
I can tell that Xphoton is reading it (complaints if it’s poorly formatted).
However, I’ve not found any settings within it that make Xphoton disallow
non-local hosts. Does anyone know the right combination?

I’ve also tried creating a /etc/X0.hosts file to disallow non-local hosts,
but that doesn’t seem to have any effect either.

Anyone from QSSL that can shed any light on whether this is possible, and
how?
If it’s not possible, what’s the cleanest way to prevent Xphoton from
launching at boot time (or auto-kill it at boot time)?

Marty Doane
Siemens Dematic

“phearbear” <phearbear@spray.se> wrote in message
news:3CA885F6.20702@spray.se…

fliu@bb.vipstage.com > wrote:
You should try xfree86
http://www.sourceforge.net/projects/openqnx

Marty Doane <> marty.doane@rapistan.com> > wrote:

Anyone? I’ve confirmed that the Xphoton server is open to the network,
and I
can’t find xhost or any other way to configure this.

\

Marty Doane
Siemens Dematic


“Marty Doane” <> marty.doane@rapistan.com> > wrote in message
news:a7qoen$q1m$> 1@inn.qnx.com> …

Our network security staff have complained that our QNX 6 boxes present
an
open X server to the network, which violates our security policies.
We’re
running Photon configured as per a plain vanilla standard install. Is

there

a way to restrict access to Xphoton to only the local machine, such as
you
would do with xhost commands? Or if not, is there an easy way to
disable

it

entirely, while still allowing QNX X applications (primarily DDD) to

operate

with a remote X server?

Thanks,

Marty Doane
Siemens Dematic






i THINK /usr/X11R6/lib/X11/xserver/SecurityPolicy
is the file setting access permissions etc, it should be standard x11
file , so you might find somewhere online what it is to contain.

Marty Doane <marty.doane@rapistan.com> wrote:

I’ve now got a /usr/X11R6/lib/X11/xserver/SecurityPolicy file in place, and
I can tell that Xphoton is reading it (complaints if it’s poorly formatted).
However, I’ve not found any settings within it that make Xphoton disallow

As I mentioned in another post in this thread, this file wont help you
to achieve your goal.
If all you need is X+ddd, you should try the XFree86 and ddd from
the openqnx site. If you need to run some photon apps occasionally,
you can use phinx.
If your main goal is to run photon apps, and run x apps only occasionally.
you can probably just kill xphoton, after the photon starts up…
and only run xphoton when you need to run your x app.
You can probably modify the “ph” script in this case…

Frank

non-local hosts. Does anyone know the right combination?

I’ve also tried creating a /etc/X0.hosts file to disallow non-local hosts,
but that doesn’t seem to have any effect either.

Anyone from QSSL that can shed any light on whether this is possible, and
how?
If it’s not possible, what’s the cleanest way to prevent Xphoton from
launching at boot time (or auto-kill it at boot time)?

Marty Doane
Siemens Dematic

“phearbear” <> phearbear@spray.se> > wrote in message
news:> 3CA885F6.20702@spray.se> …
fliu@bb.vipstage.com > wrote:
You should try xfree86
http://www.sourceforge.net/projects/openqnx

Marty Doane <> marty.doane@rapistan.com> > wrote:

Anyone? I’ve confirmed that the Xphoton server is open to the network,
and I
can’t find xhost or any other way to configure this.

\

Marty Doane
Siemens Dematic


“Marty Doane” <> marty.doane@rapistan.com> > wrote in message
news:a7qoen$q1m$> 1@inn.qnx.com> …

Our network security staff have complained that our QNX 6 boxes present
an
open X server to the network, which violates our security policies.
We’re
running Photon configured as per a plain vanilla standard install. Is

there

a way to restrict access to Xphoton to only the local machine, such as
you
would do with xhost commands? Or if not, is there an easy way to
disable

it

entirely, while still allowing QNX X applications (primarily DDD) to

operate

with a remote X server?

Thanks,

Marty Doane
Siemens Dematic






i THINK /usr/X11R6/lib/X11/xserver/SecurityPolicy
is the file setting access permissions etc, it should be standard x11
file , so you might find somewhere online what it is to contain.

Thanks.

Marty Doane
Siemens Dematic

<fliu@bb.vipstage.com> wrote in message news:a8fgkq$l1q$1@inn.qnx.com…

Marty Doane <> marty.doane@rapistan.com> > wrote:
I’ve now got a /usr/X11R6/lib/X11/xserver/SecurityPolicy file in place,
and
I can tell that Xphoton is reading it (complaints if it’s poorly
formatted).
However, I’ve not found any settings within it that make Xphoton
disallow

As I mentioned in another post in this thread, this file wont help you
to achieve your goal.
If all you need is X+ddd, you should try the XFree86 and ddd from
the openqnx site. If you need to run some photon apps occasionally,
you can use phinx.
If your main goal is to run photon apps, and run x apps only occasionally.
you can probably just kill xphoton, after the photon starts up…
and only run xphoton when you need to run your x app.
You can probably modify the “ph” script in this case…

Frank

non-local hosts. Does anyone know the right combination?

I’ve also tried creating a /etc/X0.hosts file to disallow non-local
hosts,
but that doesn’t seem to have any effect either.

Anyone from QSSL that can shed any light on whether this is possible,
and
how?
If it’s not possible, what’s the cleanest way to prevent Xphoton from
launching at boot time (or auto-kill it at boot time)?

Marty Doane
Siemens Dematic

“phearbear” <> phearbear@spray.se> > wrote in message
news:> 3CA885F6.20702@spray.se> …
fliu@bb.vipstage.com > wrote:
You should try xfree86
http://www.sourceforge.net/projects/openqnx

Marty Doane <> marty.doane@rapistan.com> > wrote:

Anyone? I’ve confirmed that the Xphoton server is open to the
network,
and I
can’t find xhost or any other way to configure this.

\

Marty Doane
Siemens Dematic


“Marty Doane” <> marty.doane@rapistan.com> > wrote in message
news:a7qoen$q1m$> 1@inn.qnx.com> …

Our network security staff have complained that our QNX 6 boxes
present
an
open X server to the network, which violates our security policies.
We’re
running Photon configured as per a plain vanilla standard install.
Is

there

a way to restrict access to Xphoton to only the local machine, such
as
you
would do with xhost commands? Or if not, is there an easy way to
disable

it

entirely, while still allowing QNX X applications (primarily DDD) to

operate

with a remote X server?

Thanks,

Marty Doane
Siemens Dematic






i THINK /usr/X11R6/lib/X11/xserver/SecurityPolicy
is the file setting access permissions etc, it should be standard x11
file , so you might find somewhere online what it is to contain.