Re: Disable ZeroConf: how to ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
Am Do den 3. Mär 2011 um 3:35 schrieb Chow Loong Jin:
> > A system has not to listen for any unused and unneeded services ever. A
> > firewall is to control services you _need_.
> >
> > All that zeroconf stuff is absolutely not needed and wanted. (By the
> > most users, I suppose.)
[...]
> Actually I absolutely love the <machine>.local resolution functionality on a
> network (it works much better than the NetBIOS crap that can never find another
> machine on a network when you want it). That, and Pidgin's Bonjour support
> interfaces with iChat over zeroconf, allowing you to chat with users (and
> exchange files, perhaps?) across a network without needing to set up a
> centralized chatting system.
The thoughts of that makes me shiver! Trusting untreatable sources on a
network for configuring local stuff is worse ever. Either you have a
trustable network then it gets configured in a clean way and by intend.
Or you have a untrusted network you do not want to use ever or only such
fare that you can oversee it.
> I think those two functionalities are pretty useful to the end-user.
Well, they might be for a mac or windows user that is not care about
security at all. But it is horror for a debian user who care at least a
bit about security.
And even if you not care about, then that functionality should be
explicit configured and not per default.
And even worse, debian is often used on server platforms where you never
ever want to have any such magically configured services.
> Rather than blabbering about potential security issues stemming from
> avahi-daemon being installed and enabled on a system, how about actually finding
> one and reporting it?
Oh, they are not potential. Trusting on untrusted stuff for doing any on
your machine raises the vector for intrusion to hell.
Ah, and to give a example of the past. No one ever did think about that
mssql is vulnerable due to a comfort feature until in 2001/2002 the
mssql-slammer (or how the worm was called) took down mayor parts of the
net. Zeroconf and avahi plays in the same category.
> gnome-user-share does not share stuff by default as far as I can tell, and
> padevchooser only uses avahi-daemon for discovering extra Pulseaudio sinks on
> the network (it doesn't advertise its own sinks by default).
Uh, you mean, that anybody can listen to your music or your teamspeak
session or your voip session with your girlfriend due zeroconf found a
audio sink in the network and did reconfigure your system to use it?
> An avahi-enabled system that advertises no services is pretty much as secure as
> the avahi-disabled system.
That is not true. For two reasons:
1. It is one more daemon that is not needed and can have bugs. (And even
more it lowers the sensibility about unusual processes on your
system)
2. It even configure parts of your system from untrusted information
from the network.
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus@Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBTW9nR5+OKpjRpO3lAQrpqgf/UD6Vmg5rF/RhVY9VPgPpx3FdcFQXJ3b0
IJsdsPL+7MsUEblqTlabxuDPALXM/RcORDQaTX+2wzeaLO5Tu9+ZoeuvNiT9mNWy
NLoqFWIRtoDYiwlQK2KfCT0PGLU9EEa1ynk3naIhVp/QPods2bpHG3lIYMgPCY4D
A0Y+6knrWjwRLVRiWQuzRhH6T6ykbPkw08yr1/9vy45CiRXbXvIpk9vJhpOPD7nX
sxfY2bMIk5NCUKdJ6QVLKUe+HM5wJO0IsRSMNPFg+RLk99xEYUgP87MeUi7O14CC
9VfopJAak/MYttLLxW6K0X/Ltoflpqr58TWvmzDpIS0VSBEA3wkwoA==
=okFJ
-----END PGP SIGNATURE-----
Reply to: