Re: CUPS and network interfaces

On Sun, Oct 07, 2007 at 09:18:27PM +0200, Markus Maria Miedaner wrote:
> On Sun, Oct 07, 2007 at 02:47:32PM -0400, you (Celejar) wrote:
> > Hi,
> >
> > I have a pretty standard (default) CUPS installation. cupsd.conf
> > contains the lines:
> >
> > > # Only listen for connections from the local machine.
> > > Listen localhost:631
> > > Listen /var/run/cups/cups.sock
> >
> > Yet tiger complains:
> >
> > > --WARN-- [lin002i] The process `cupsd' is listening on socket 631 (UDP) on every interface.

> depending on the level of security you'd like you may be continue thinking about it.
> If you receive this "complain" on your desktop box and you don't have highly important
> data on it that may be wanted by someone else.... I would not worry about it.

I think the original poster is asking about the inconsistency between the cups config and the warning message, not complaining about the message.

On to the real issue:
Listen is poorly documented. It affects the port for print connections only. If you do netstat -anlp, you'll see that the tcp port 631 is listening only on the listed (local) interface.

udp port 631 is for a nearly unrelated activity of browsing. Nothing stands out to me in the docs on limiting this port to certain interfaces, but there are several cupsd.conf Browse* directives to look at. You may need IPTables to address the problem (though that won't make the message go away).

-- 
Rob

-- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org