Le mercredi 03 août 2011, à 09:33 +0200, Johannes Meixner a écrit :
Hello Vincent,
On Aug 3 09:07 Vincent Untz wrote (excerpt):
Le mercredi 03 août 2011, à 09:03 +0200, Johannes Meixner a écrit :
When the CUPS print server process is the only server process which runs on the workstation, opening its IPP port 631 removes effectively any firewall protection from the workstation.
This is assuming that there is no non-root processes opening ports above 1024, which is not necessarily true.
I do not understand what you mean.
I meant: When a "whatever" server process is the only server process which runs on the workstation, opening its port removes effectively any firewall protection from the workstation.
My point is that you cannot assume it's the only server process, as there might be applications running for a user, that also listen on ports. This is an easy assumption to make when you only consider system services, but it's harder to evaluate if it's true if you consider all apps running on a computer. So, sure, if only one server process runs, this is true. My point is that you cannot assume that there is only one server process. Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org