Friday, September 27, 2024

Re: Remote execution in CUPS

On Fri, 27 Sep 2024 17:19:47 +0200,
Ian Darwin <ian@darwinsys.com> wrote:
>
> On 9/27/24 11:05 AM, Kirill A. Korinsky wrote:
> > On Fri, 27 Sep 2024 14:43:21 +0200,
> > Chris Narkiewicz <hello@ezaquarii.com> wrote:
> >> https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
> >>
> >> Is the cups in ports vulnerable as well?
> > OpenBSD misses quite important pieces of this attack: cups-browsed
> >
> > Without it, it isn't so dramatic.
> >
> Cups is in ports/packages so it is not part of the base system, at all.
>
> And we have cups-browsed in ports/packages and it is a run-depend of
> cups, so it does get installed whenever cups is installed. However, it
> is not enabled by default (you have to enable it with rcctl enable
> cups-browsed or by editing /etc/rc.conf.local), and I hope nobody is
> doing so.
>

Indeed, I've used pkglocate to check that and made a typo which misled me,
and I misled everyone. Sorry for that and thanks for correcting this.

--
wbr, Kirill
