TIL CUPS, the print queue server came from Apple and enables a web server by default (port 631) on a lot of #Linux systems. Is this really a good idea?
@tomosaigon It's bound to localhost, (not 127.0.0.1) and inaccessible from the network. It can be *made* so, but it must be explicitly done so.
> Also, a bug in their web app stack could lead to root privileges, I think, even if it's only locally accessible (which could include random users)...
Yes, it *could*. So could many of the accessible pieces of software on the system. In this case, you have to be part of the admin group to access it, reducing potential impact.
With the default configuration, the software is decently well secured. If you're going to have random users connect, you'll want to tweak that.
@tomosaigon It's also interesting to note that it's the same way on Macs. CUPS will listen to localhost:631. Only local users in the CUPS(?) group are allowed to connect and configure it. Though, you often have less difficulty configuring it through the Printers settings app.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.