
Re: avahi-daemon



On Wed, Feb 22, 2006 at 03:23:42PM +0100, Loïc Minier wrote:
> If you do install a GNOME desktop environment, expect to have a web
> browser which might run malicious code, games which might be sgid
> games, and tons of stuff which might be opening more doors than you
> like.

First, there's a difference between passive and active attacks. We can't prevent people from doing dangerous things with their computers, but we can try to keep their computer from being a danger all by itself.

From a pragmatic standpoint, pulling in nss-mdns is a PITA because it makes certain name queries take forever--so there are reasons aside from security to think this is annoying.

Securitywise, there is no doubt in my mind that this mdns stuff will open a lot of new vulnerabilities in the future--the history of this sort of service suggests that it is inevitable. Making it easy to pull in and activate as a side effect of apparently-unrelated packages is, IMO, a mistake.

> What you want is the opposite of plug and play: closing all doors and
> requiring people to open N doors to use a high-level feature such as
> music browsing is *not* intuitive.

The real question is whether installing gnome should mean that you get
multicast dns. I'll bet that the number of people who want the former is significantly larger than the number who want (or know they're getting, or even care about) music browsing.

--
Michael Stone


