March 22, 2019

New HOWTO: Linux XDMCP HOWTO - page 4

Table of Contents, Section 1

  • March 29, 2001
4. XDMCP and GDM (Gnome Display Manager)

The following is taken from the [http://www.oswg.org/oswg-nightly/oswg/
en_US.ISO_8859-1/articles/gdm-reference/gdm-reference/index.html] Gnome
Display Manager Reference Manual:

GDM also supports the X Display Manager Protocol (XDMCP) for managing remote
displays. GDM listens to UDP port 177 and will repond to QUERY and
BROADCAST_QUERY requests by sending a WILLING packet to the originator. GDM
can also be configured to honor INDIRECT queries and present a host chooser
to the remote display. GDM will remember the user's choice and forward
subsequent requests to the chosen manager. GDM only supports the
MIT-MAGIC-COOKIE-1 authentication system. Little is gained from the other
schemes, and no effort has been made to implement them so far. Since it is
fairly easy to do denial of service attacks on the XDMCP service, GDM
incorporates a few features to guard against attacks. Please read the XDMCP
reference section below for more information.

Even though GDM tries to outsmart potential attackers, it is still adviced
that you block UDP port 177 on your firewall unless you really need it. GDM
guards against DoS attacks, but the X protocol is still inherently insecure
and should only be used in controlled environments. Even though your display
is protected by cookies the XEvents and thus the keystrokes typed when
entering passwords will still go over the wire in clear text. It is trivial
to capture these. You should also be aware that cookies, if placed on an NFS
mounted directory, are prone to eavesdropping too.

Most Popular LinuxPlanet Stories