"Workstation" Product defaults to wide-open firewall

Bastien Nocera bnocera at redhat.com
Mon Dec 8 16:20:55 UTC 2014



----- Original Message -----
> 
> Am 08.12.2014 um 17:10 schrieb Bastien Nocera:
> > There's a few more items that will be opened I'm afraid. And one of the
> > reasons
> > why we block root ports is to avoid regressions like rpcbind listening
> > by default, which was due to a bug in packaging. So what you call "no
> > firewall"
> > would actually have prevented the potential security hole
> 
> * go and read /etc/services above 1024
> * they days that system service listening < 1024 are gone
> * you can't guarantee that a similar packaging bug happens
>    in context of a service assigned by IANA to a high port

There's plenty of pre-existing services under 1024, and there's
more likely to be bugs in those "old" services.


More information about the devel mailing list