Re: avahi-daemon

To: debian-security@lists.debian.org
Subject: Re: avahi-daemon
From: Loïc Minier <lool+debian@via.ecp.fr>
Date: Fri, 3 Mar 2006 14:45:28 +0100
Message-id: <[🔎] 20060303134528.GP6022@bee.dooz.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20060222180008.GD9733@mathom.us>
References: <43FC4A6C.9010801@gmx.net> <20060222142342.GD17249@bee.dooz.org> <20060222145124.GC9733@mathom.us> <20060222155726.GF17249@bee.dooz.org> <20060222180008.GD9733@mathom.us>

 (This reply was started some days ago, but I thought it might be best
  to wait a little before responding to you.  Besides, I took some time
  to document myself on some of the issues you mentionned.)

        Hi,

On Wed, Feb 22, 2006, Michael Stone wrote:
> >(nss-mdns does mdns too, but it's not related to avahi)
> Package: avahi-daemon
> Recommends: libnss-mdns
> The dependency chains here get a little scary.

 Indeed, but it's even worse! avahi-daemon recommends libnss-mdns which
 recommends zeroconf.  However, both Recommends are bogus.  There's a
 bug against the second one, and I talked a little with Sjoerd on the
 first one, and it seems it's not required either, it's more of
 something until we get a mdns task.

 So yes, you're correct, this is a scary dependency, which shouldn't be
 there.  Nor the libnss-mdns dependency on zeroconf shouldn't be there
 (it should be the other way around actually).

 And zeroconf is a software which is known to cause some trouble in
 existing network configurations (not avahi alone).

> >From a security point of view, everything feature introduce risk.  If
> >you base all you reasonning on security, that is if you make security
> >rule number 1, you get zero feature.
> And if you introduce questionable features with huge security 
> implications without thinking them through you get a real mess which is 
> going to take a lot of work down the road to clean up. There's a real 
> danger inherent in focusing on a particular bit of functionality and 
> ignoring its larger implications, *especially* in a project as large as 
> debian.

 If music sharing is a questionable feature to you, you don't need to
 discuss this further, you're obviously the security guy, talking in
 debian-security@ of stuff he doesn't want to support security-wise, and
 don't want to see running on his server.  Would this discussion happen
 on a multimedia list, the situation would be kind of the opposite, and
 people would be shouting loud if that wasn't pulled in by default.

 The rest of your point is simply too fuzzy to discuss any further,
 you're being too general sorry.

> >You can't take the decision to remove a feature because most people
> >install GNOME for other reasons than that feature.  Otherwise one would
> >use the same reasonning for all features in GNOME and remove them all.
> Your logic is frankly questionable. Anytime you start with a
> proposition like "making that decision equates to removing every 
> possible feature" you're probably making a logical leap.

 Probably, I certainly don't have to discuss all features as painfully
 as this one.  But there's no other way to get it, the point being in
 not having any central server, you have to listen for requests.  Any
 other proposal to implement the functionality and interoperability with
 iTunes is welcome.

 Besides, the work is done quite cleanly with a chroot and a separate
 user.

 But sure, a small door has been opened which wasn't there before.

> I don't see any of those appearing on any network I maintain. I've now 
> trumped your assertion with one of my own, do I win something?

 That's outrageous, the fact you don't have anything on your network is
 a real pity, it means you simply have no ground to talk on the feature
 you want absolutely removed.  I've seen a lot of types of shares while
 browsing various networks, the latest of which were the networks of
 geeks at FOSDEM: typically a mixture of feature-maniacs, and
 security-paranoiacs.  Surprisingly, lot's of stuff was advertized
 there, ranging from music and file shares to SSH, HTTP, or SFTP
 servers.

 Will other people at FOSDEM confirm this?  Just install the
 service-discovery-applet and switch networks for a while.

>                                                                On any 
> *managed* network I don't think that having stuff like this appear out 
> of nowhere is particularly beneficial. On a small home network I'm not 
> convinced it buys you anything because you're not generally dealing with 
> enough stuff to need a service location solution. I'm sure its 
> potentially very useful on geeky home networks with lots of systems and 
> services, but I'm not sure that's a reasonable basis for a default 
> configuration.

 Right, people running Debian or Ubuntu at home are typically not
 interested in sharing music between computers at home.

 I completely agree with the managed network part, but in such a
 network:
 - would you have music players installed?
 - wouldn't you filter out any other port than HTTP, HTTPS, and FTP?

   Cheers,

-- 
Loïc Minier <lool@dooz.org>
Current Earth status:   NOT DESTROYED

Reply to:

Follow-Ups:
- Re: avahi-daemon
  - From: Michael Stone <mstone@debian.org>
- Re: avahi-daemon
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: avahi-daemon
Next by Date: Re: avahi-daemon
Previous by thread: Short summary (Was: avahi-daemon)
Next by thread: Re: avahi-daemon
Index(es):
- Date
- Thread