Am 08.12.2014 um 17:20 schrieb Bastien Nocera:
> Am 08.12.2014 um 17:10 schrieb Bastien Nocera:
>> There's a few more items that will be opened I'm afraid. And one of the
>> reasons
>> why we block root ports is to avoid regressions like rpcbind listening
>> by default, which was due to a bug in packaging. So what you call "no
>> firewall"
>> would actually have prevented the potential security hole
>
> * go and read /etc/services above 1024
> * they days that system service listening < 1024 are gone
> * you can't guarantee that a similar packaging bug happens
> in context of a service assigned by IANA to a high port
There's plenty of pre-existing services under 1024, and there's
more likely to be bugs in those "old" services
*lol* if you start security decisions with "likely" you have lost
that "old" services are mostly known and autited
for what you opened the door is random crap coded by a schoolboy with no
clue in a random language, placed as download on his homepage with the
instruction "move it to your desktop, make it executeable with a right
click in your filebrowser and just double klick on it" not mentioning
the open port at all because it's just a new experimental feature with
draft code implemented because "it's cool"