[TriLUG] running X at the server console

Tanner Lovelace lovelace at wayfarer.org
Wed Jan 16 18:46:26 EST 2002


On Wed, 2002-01-16 at 17:59, Christian J Hedemark wrote:
> Oops I had better get on the phone with Sun and tell them to stop doing
> that.  ;-)
>
Just because Sun does something doesn't make it right...


While answering a question from Geoff Purdy:
> > Thanks.  I'd begun to reach a similar conclusion myself.  Is there a
> > specific reason *why* this is bad or is X just too flaky to run on a
> > high-availability server?
> 
> X consumes resources.  Not a lot but noticeable.  On a perfectly idle server
> you may see X windows as one of the highest consumers.
> 
> X can also be flaky.  I think this was more true in the past than it is now.
> Some of the complex desktop environments can cause a hard machine lock.  I
> saw KDE on Red Hat 7.1 do this on several different configurations at BOPS.
> I didn't think it would be possible for a userland app to do that but it was
> a major thorn in my side.
> 

Actually, besides performance, X has historically been *extremely*
insecure.  That is the main reason why you shouldn't run X on a server.

> I think the best thing to do, and I say this more from a performance
> standpoint, is don't run X server on the server box at all.  But DO run xdm
> and allow direct queries.  I keep my Sun box hidden down in the basement and
> don't really see it unless I go down there for something else.  But anytime
> I want the full desktop I can start X with a "-query sunfish" and bang I get
> the full Solaris desktop.  Solaris comes out of the box configured to allow
> xdm remote queries but you have to tweak Linux to allow this.

But then you have the same problem you have with telnet.  Your
passwords get sent in the clear.  You might as well just leave the
key to your front door where anyone can have it too.
Running X on a server might seem like a nice convenience, but it's
most certainly a good way to get your box rooted fast.

Tanner Lovelace
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
 Those who are willing to sacrifice essential liberties for a little 
 order, will lose both and deserve neither.  --  Benjamin Franklin 

 History teaches that grave threats to liberty often come in times
 of urgency, when constitutional rights seem too extravagant to 
 endure.  --  Justice Thurgood Marshall, 1989 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020116/59f73738/attachment.pgp>


More information about the TriLUG mailing list