"Workstation" Product defaults to wide-open firewall

Reindl Harald h.reindl at thelounge.net
Mon Dec 8 16:15:45 UTC 2014


Am 08.12.2014 um 17:10 schrieb Bastien Nocera:
> There's a few more items that will be opened I'm afraid. And one of the reasons
> why we block root ports is to avoid regressions like rpcbind listening
> by default, which was due to a bug in packaging. So what you call "no firewall"
> would actually have prevented the potential security hole

* go and read /etc/services above 1024
* they days that system service listening < 1024 are gone
* you can't guarantee that a similar packaging bug happens
   in context of a service assigned by IANA to a high port


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141208/2eccf379/attachment.sig>


More information about the devel mailing list