21 May
2007
21 May
'07
20:12
Crispin Cowan wrote:
To be considered certified, it would have to be in the certified configuration. Installing a new application with an open network port violates that certification.
This is only true if it opens a port < 1024 or runs as root. If it is started as a non-root user, then a port can be opened. That's why running a webserver on port 8080 does not violate the certified configuration. I'm not arguing against your main point, but it is not quite as bad as you state here. Emily --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org