On 08.12.2014 at 17:20, Bastien Nocera wrote:
>> On 08.12.2014 at 17:10, Bastien Nocera wrote:
>>> There's a few more items that will be opened I'm afraid. And one of the reasons why we block root ports is to avoid regressions like rpcbind listening by default, which was due to a bug in packaging. So what you call "no firewall" would actually have prevented the potential security hole
>>
>> * go and read /etc/services above 1024
>> * the days that system service listening < 1024 are gone
>> * you can't guarantee that a similar packaging bug happens in context of a service assigned by IANA to a high port
>
> There's plenty of pre-existing services under 1024, and there's more likely to be bugs in those "old" services

*lol* if you start security decisions with "likely" you have lost
that "old" services are mostly known and audited

for what you opened the door is random crap coded by a schoolboy with no clue in a random language, placed as download on his homepage with the instruction "move it to your desktop, make it executable with a right click in your file browser and just double click on it" not mentioning the open port at all because it's just a new experimental feature with draft code implemented because "it's cool"
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct