Re: Disable ZeroConf: how to ?
On Wed, Mar 2, 2011 at 11:54 PM, Klaus Ethgen <Klaus@ethgen.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Am Mi den 2. Mär 2011 um 18:25 schrieb Bastien ROUCARIES:
>> More and more packages depend on avahi aka zeroconf. I have found some information on http://wiki.debian.org/ZeroConf
>>
>> Because I work in a untrusted work place and home network (public networks, wifi...) I whish to purge zeroconf functionnality.
>
> I fighted this bunch of functionality since long ago. The whole zerconf
> stuff is only useful in secure and clear defined environments. But there
> you don't need it anyway.
>
> With zeroconf there is some thinks that play together and has to be
> killed:
> - - avahi (-daemon) -- as you find by yourself -- and the packages
> zeroconf, libnss-mdns, avahi-autoipd, avahi-daemon.
> - - The package slpd
> - - The linklocal route (169.254.0.0)
Ok so this package should be marked as suggest only ? Will fill bug,
if needed as a whislist level.
>> Does avahi could be disable (using kernel level firewalling is not from my point of view a solution) ?
>
> See above.
>
>> And more specifically from an administrator point of view does avahi could library could be made purgeable and no more than suggest
>> dependencies (I am willing to fill a mass bug report because purging avahi will purge gnome and kde ...) ?
>
> Well, as I do not use gnome nor kde I am not concerned from this
> dependencies.
>
>> And moreover could you give a clear answer about the security risk on untrusted network ?
>
> That is difficult. It depends on the environment. If you have a clear
> and secure environment, zeroconf is not that insecure. But in all other
> environments you do not want to have it.
Ok so a telnet equivalent from a security point of view...
Regards
Bastien
> Regards
> Klaus
Reply to: