[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Disable ZeroConf: how to ?

On Wed, Mar 02, 2011 at 10:24:36PM +0100, Josselin Mouette wrote:
> Le mercredi 02 mars 2011 à 18:25 +0100, Bastien ROUCARIES a écrit :
> > And more specifically from an administrator point of view does avahi
> > could library could be made purgeable and no more than suggest 
> > dependencies (I am willing to fill a mass bug report because purging
> > avahi will purge gnome and kde ...) ?
> As Philipp pointed out, only gnome depends on it, and that’s not
> gnome-desktop-environment. You can use the latter if you want only the
> official GNOME desktop.

  Depends: gnome-user-share
    Depends: libapache2-mod-dnssd
      Depends: avahi-daemon
  Recommends: telepathy-salut
    Depends: avahi-daemon 

> > And moreover could you give a clear answer about the security risk on
> > untrusted network ? 
> I’d say Avahi is mostly as insecure as the services that use it for
> advertising.

A client system is not supposed to run any public network services,
especially not in the default config.  I have never in my life felt the need
to do anything provided by either gnome-user-share or telepathy-salut (or
anything that has to do with telepathy for that matter), and I doubt most
users have either.  None of them do anything good unless configured, too.

Having them installed by default might make sense, disk space is cheap and
non-technical users are not supposed to apt-get things every time they use
an optional part of Gnome -- but why the system would bear a security risk
when none of the programs involved were ever run is beyond me.

When an user actually uses that "easy file sharing" or link-local instant
messaging, avahi could be started, but there's no reason to do that before.

This goes in contrast to actual server daemons which are installed by a
conscious action by the sysadmin, and thus can be expected to be running by

1KB		// Microsoft corollary to Hanlon's razor:
		//	Never attribute to stupidity what can be
		//	adequately explained by malice.

Reply to: