TIL CUPS, the print queue server, came from Apple and enables a web server by default (port 631) on a lot of systems. Is this really a good idea?

@tomosaigon It's bound to localhost (not 127.0.0.1), and inaccessible from the network. It can be *made* so, but it must be explicitly done so.

@nathand the server has to bind to an IP address, not a hostname, so it actually is 127.0.0.1, is it not? Practically speaking, how is it different?

Also, a bug in their web app stack could lead to root privileges, I think, even if it's only locally accessible (which could include random users)...


@tomosaigon Yes and no.

> the server has to bind to an IP address, not a hostname, so it actually is 127.0.0.1, is it not? Practically speaking, how is it different?

Yes, practically speaking, localhost == 127.0.0.1. In the case of CUPS, it is *only* listening for requests from the local system. Any other requests are dropped by default.

(1/2?)
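
Added example, not part of the thread: a small check of the `Listen` and `Port` directives in `cupsd.conf` text, reporting which ones keep the port 631 listener local and which expose it to the network. The sample configuration and the function names `classify` and `audit` are constructed for illustration, and the code assumes `localhost` resolves to a loopback address.

```python
import ipaddress

# Constructed sample in cupsd.conf syntax (not taken from the thread).
SAMPLE_CONF = """\
# Only listen for connections from the local machine.
Listen localhost:631
Listen /run/cups/cups.sock
Listen [::1]:631
Listen 192.0.2.10:631
Port 631
"""

def classify(directive, value):
    """Return 'local' or 'network' for one Listen/Port directive."""
    if directive == "port":          # Port N listens on every interface
        return "network"
    if value.startswith("/"):        # Unix domain socket path
        return "local"
    if value.startswith("["):        # bracketed IPv6 literal, [addr]:port
        host = value[1:value.index("]")]
    else:
        host = value.rsplit(":", 1)[0] if ":" in value else value
    if host.lower() == "localhost":  # assumption: resolves to loopback
        return "local"
    if host == "*":                  # wildcard: all interfaces
        return "network"
    try:
        return "local" if ipaddress.ip_address(host).is_loopback else "network"
    except ValueError:
        return "network"             # any other hostname: treat as exposed

def audit(conf_text):
    """Return a list of (line, verdict) for each Listen/Port line."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in ("listen", "port"):
            findings.append((line, classify(parts[0].lower(), parts[1].strip())))
    return findings

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_CONF):
        print(f"{verdict:8} {line}")
```

A `local` verdict only describes where the listener is bound; every user on the machine can still reach it.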
