X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from ore.jhcloos.com (ore.jhcloos.com [198.147.23.85]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id DB8D7DC0169 for ; Mon, 30 Jun 2014 19:50:05 +0000 (UTC) Received: by ore.jhcloos.com (Postfix, from userid 10) id 129691E4E8; Mon, 30 Jun 2014 19:50:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhcloos.com; s=ore14; t=1404157803; bh=0fAl8ebAjfW6Di3piSG2T9x+wLr44/DKtAvi6FqNImY=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=ckoSpBEO5v5kE9xpETNiF4SmSv6/vSzMjEl39A1ZbVI9wwIQpUp/nTJP/j2m3Kyr0 RWSL3Kqpcfpm63KaSNVlVXf1NoMpxA5GYbJdjGaoJT8Lha903Eznf9dQR+9R5NTtN+ SqjMXySauZvF184d71AsVDrR4WCfgQGp1hrM6oVg= Received: by carbon.jhcloos.org (Postfix, from userid 500) id 1A3B06001E; Mon, 30 Jun 2014 19:43:50 +0000 (UTC) From: James Cloos To: Rich Felker Cc: musl@lists.openwall.com, alpine-devel@lists.alpinelinux.org Subject: [alpine-devel] Re: [musl] Re: cups debugging, continued...ugly patch In-Reply-To: <20140630070353.GG179@brightrain.aerifal.cx> (Rich Felker's message of "Mon, 30 Jun 2014 03:03:53 -0400") References: <20140629194829.GA1994@newbook> <20140630001201.GA14838@newbook> <20140630012830.GA16088@newbook> <20140630020311.GD179@brightrain.aerifal.cx> <20140630043512.GB16088@newbook> <20140630053426.GC16088@newbook> <20140630070353.GG179@brightrain.aerifal.cx> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/24.4.50 (gnu/linux) Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC Copyright: Copyright 2014 James Cloos OpenPGP: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc OpenPGP-Fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6 Date: Mon, 30 Jun 2014 15:43:25 -0400 Message-ID: Lines: 16 X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain X-Hashcash: 1:30:140630:dalias@libc.org::Uq1uSlstBOZnUbq8:0O4My2 X-Hashcash: 1:30:140630:musl@lists.openwall.com::rV5Z84+xrfu6eKA6:0000000000000000000000000000000000000M1mSN X-Hashcash: 1:30:140630:alpine-devel@lists.alpinelinux.org::IdK35zHcbHKqrwxI:00000000000000000000000000J4yH1 >>>>> "RF" == Rich Felker writes: RF> Of course binding a reserved port like this is a serious security RF> smell -- it sounds like they're trying to facilitate port-based RF> authentication, which is unsafe if used for anything except localhost. If it is for the lpd protocol, there are (or at least have been) systems and printers which only accepted print jobs via lpd if they originated on the lpd port. Or maybe it was if they originated on a <1024 port. I have a vague recollection of bug reports for cups in the early days about that. -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---