* ken <gebser@mousecar.com> [08-18-20 10:54]:
Checking out my newly installed system, I found in "ss -tulpn" this:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
...
tcp LISTEN 0 5 [::]:16001 [::]:* users:(("pulseaudio",pid=5819,fd=45))
...
5819 is the pid for /usr/bin/pulseaudio, which is a networked sound server, but is 16001 the proper port? It's listed in /usr/etc/services as:
fmsascon 16001/tcp # Administration Server Connector [Mark_Davidson]
(This is one of several ports used by the well known FileMaker.)
Moreover:
# rpm -Vf /usr/bin/pulseaudio
.M....... g /var/lib/pulseaudio
It's odd that (1) the mode of this "file" should not match the rpm database, especially considering it's an empty directory. And what does the "g" mean?
Also
# ls -ld /usr/bin/pulseaudio
-rwxr-xr-x 1 root root 92352 Jul 22 14:17 /usr/bin/pulseaudio
which means that the process listening on an open port is owned by and running as root, which I'd consider a security vulnerability.
Why do you suppose the instance is running as root? The binary being owned by root does not mean that; you will notice that group and users have execute permissions. Check
ps -u |grep pulseaudio
--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
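The check discussed in this thread, as an added example that is not part of the original messages: take a line of "ss -tulpn" output, pull out the port, process name and pid, and read the effective UID of that pid from its status file rather than from the ownership of the binary on disk. The function names and the optional proc-root argument are assumptions made for this example; the sample line is constructed from the output quoted above, and the demo status file is constructed data.

```sh
#!/bin/sh
# Constructed sample line, in the format of the ss -tulpn output quoted above.
SAMPLE='tcp LISTEN 0 5 [::]:16001 [::]:* users:(("pulseaudio",pid=5819,fd=45))'

# Print "port name pid" for one line of ss -tulpn output (nothing if no pid).
parse_ss_line() {
    printf '%s\n' "$1" | awk '{
        port = $5; sub(/.*:/, "", port)      # text after the last colon
        if (match($0, /pid=[0-9]+/)) {
            pid = substr($0, RSTART + 4, RLENGTH - 4)
            name = $0
            sub(/.*users:\(\("/, "", name)   # drop everything up to the name
            sub(/".*/, "", name)             # drop everything after the name
            print port, name, pid
        }
    }'
}

# Effective UID of a pid: third field of the "Uid:" line in <root>/<pid>/status.
# The second argument (hypothetical, for testing) defaults to /proc.
proc_euid() {
    awk '/^Uid:/ { print $3 }' "${2:-/proc}/$1/status" 2>/dev/null
}

# One summary line per listener: which account the process really runs as.
report_listener() {
    root=${2:-/proc}
    set -- $(parse_ss_line "$1")
    [ $# -eq 3 ] || return 1
    euid=$(proc_euid "$3" "$root") || euid=unknown
    case "${euid:=unknown}" in
        0)       as_root=yes ;;
        unknown) as_root=unknown ;;
        *)       as_root=no ;;
    esac
    echo "port=$1 process=$2 pid=$3 euid=$euid runs_as_root=$as_root"
}

# Demo on constructed data: a fake proc tree where pid 5819 runs as uid 1000.
demo=$(mktemp -d)
mkdir "$demo/5819"
printf 'Name:\tpulseaudio\nUid:\t1000\t1000\t1000\t1000\n' > "$demo/5819/status"
report_listener "$SAMPLE" "$demo"
rm -rf "$demo"
```

On a live system, feed each line of "ss -H -tulpn" to report_listener without the second argument; ss shows the owning process of other users' sockets only when run as root.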