----- Original Message ----- > > Am 08.12.2014 um 17:10 schrieb Bastien Nocera: > > There's a few more items that will be opened I'm afraid. And one of the > > reasons > > why we block root ports is to avoid regressions like rpcbind listening > > by default, which was due to a bug in packaging. So what you call "no > > firewall" > > would actually have prevented the potential security hole > > * go and read /etc/services above 1024 > * they days that system service listening < 1024 are gone > * you can't guarantee that a similar packaging bug happens > in context of a service assigned by IANA to a high port
There's plenty of pre-existing services under 1024, and there's more likely to be bugs in those "old" services. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
