Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 401927

Summary: net-print/cups-1.4.8-r23 - do not open UDP port 631 by default
Product: Gentoo Linux Reporter: Martin Mokrejš <mmokrejs>
Component: [OLD] PrintingAssignee: Printing Team <printing>
Status: RESOLVED FIXED    
Severity: normal Keywords: PATCH
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 411887    
Attachments: cupsd.conf.patch

Description Martin Mokrejš 2012-02-02 16:25:05 UTC 
Created attachment 300761 [details, diff]
cupsd.conf.patch

While looking for opened ports on y computer I found that cupsd is too loosely configured by default. Please disable the Browsing functionality asap. In theory one could specify just interfaces to be opened (opening eth0 or ppp0 is not safe for me either) or just certain addresses. I should that in the patch for cupsd.conf. However, it somehow does not work for me - the computer listens on UDP:*.ipp. :( I suspect it is because the variable names in the config file were renamed so the following URL probably does not apply to my cups version: http://www.cups.org/documentation.php/ref-cupsd-conf.html

The patch disables the browsing functionality altogether. That really closes the UDP port. This is the safe setting and should be default.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2012-04-18 22:18:19 UTC 
Have changed the default value in 1.5.2-r2, plus added an elog message how to re-enable. Browsing is going away anyway in 1.6 (replaced by avahi).
Comment 2 labor_ratte 2012-04-19 12:57:31 UTC 
(In reply to comment #1)
> Have changed the default value in 1.5.2-r2, plus added an elog message how
> to re-enable. Browsing is going away anyway in 1.6 (replaced by avahi).

The files still get installed in root folder.

>>> Installing (3 of 6) net-print/cups-1.5.2-r2
 * Removing /usr/share/info
 * checking 485 files for package collisions
>>> Merging net-print/cups-1.5.2-r2 to /
>>> /cups.path
>>> /cups.socket
>>> /cups.service
--- /etc/
Comment 3 labor_ratte 2012-04-19 12:59:08 UTC 
Sorry, wrong bug