Re: Disable ZeroConf: how to ?

To: debian-devel@lists.debian.org
Subject: Re: Disable ZeroConf: how to ?
From: Klaus Ethgen <Klaus@Ethgen.de>
Date: Wed, 2 Mar 2011 23:54:22 +0100
Message-id: <[🔎] 20110302225422.GB17584@ikki.ethgen.ch>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 201103021825.32204.roucaries.bastien@gmail.com>
References: <[🔎] 201103021825.32204.roucaries.bastien@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am Mi den  2. Mär 2011 um 18:25 schrieb Bastien ROUCARIES:
> More and more packages depend on avahi aka zeroconf. I have found some information on http://wiki.debian.org/ZeroConf 
> 
> Because I work in a untrusted work place and home network (public networks, wifi...) I whish to purge zeroconf functionnality.

I fighted this bunch of functionality since long ago. The whole zerconf
stuff is only useful in secure and clear defined environments. But there
you don't need it anyway.

With zeroconf there is some thinks that play together and has to be
killed:
- - avahi (-daemon) -- as you find by yourself -- and the packages
  zeroconf, libnss-mdns, avahi-autoipd, avahi-daemon.
- - The package slpd
- - The linklocal route (169.254.0.0)

> Does avahi could be disable (using kernel level firewalling is not from my point of view a solution) ?

See above.

> And more specifically from an administrator point of view does avahi could library could be made purgeable and no more than suggest 
> dependencies (I am willing to fill a mass bug report because purging avahi will purge gnome and kde ...) ?

Well, as I do not use gnome nor kde I am not concerned from this
dependencies.

> And moreover could you give a clear answer about the security risk on untrusted network ? 

That is difficult. It depends on the environment. If you have a clear
and secure environment, zeroconf is not that insecure. But in all other
environments you do not want to have it.

Regards
   Klaus
- -- 
Klaus Ethgen                            http://www.ethgen.ch/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBTW7Knp+OKpjRpO3lAQqjdgf+J1Tq4eqF+bi/2bAONvCPXgwCXRswg5eA
HEAWZdsN13jTe/JGD/NTBML7AXXu+RIeJIFty+I/T+OlU2x3SbKijtXkteN0giTE
QWJf/6extnJZY97+cP2xDjfPZXP8DA7pL3qr0MLHj9Lz/s+Prvd+9MM3OKzgoDn/
pG9Lb+TVNMzWmD3KLGD1wbLMMKSnh7NLQshQPLgwkZwTysLWCeIX/hBRZ8r9Nn0G
DqW1I4sOIYB47w4DmHo5SXwnQG3O0P/MdbaVicasE0+MYLg28Ib+ZVNMzvFbP7Kw
lBQBvrqFDBsKXvK4esgSlI6xq8c/m/rUUR5S3Ar8t8AFg1OWoT+C4g==
=CXGk
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Disable ZeroConf: how to ?
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

References:
- Disable ZeroConf: how to ?
  - From: Bastien ROUCARIES <roucaries.bastien@gmail.com>

Prev by Date: Re: Speeding up dpkg, a proposal
Next by Date: Re: Disable ZeroConf: how to ?
Previous by thread: Re: Disable ZeroConf: how to ?
Next by thread: Re: Disable ZeroConf: how to ?
Index(es):
- Date
- Thread