Re: Disable ZeroConf: how to ?
On Wed, Mar 02, 2011 at 10:24:36PM +0100, Josselin Mouette wrote:
> Le mercredi 02 mars 2011 à 18:25 +0100, Bastien ROUCARIES a écrit :
> > And more specifically from an administrator point of view does avahi
> > could library could be made purgeable and no more than suggest
> > dependencies (I am willing to fill a mass bug report because purging
> > avahi will purge gnome and kde ...) ?
>
> As Philipp pointed out, only gnome depends on it, and that’s not
> gnome-desktop-environment. You can use the latter if you want only the
> official GNOME desktop.
gnome-desktop-environment
Depends: gnome-user-share
Depends: libapache2-mod-dnssd
Depends: avahi-daemon
Recommends: telepathy-salut
Depends: avahi-daemon
> > And moreover could you give a clear answer about the security risk on
> > untrusted network ?
>
> I’d say Avahi is mostly as insecure as the services that use it for
> advertising.
A client system is not supposed to run any public network services,
especially not in the default config. I have never in my life felt the need
to do anything provided by either gnome-user-share or telepathy-salut (or
anything that has to do with telepathy for that matter), and I doubt most
users have either. None of them do anything good unless configured, too.
Having them installed by default might make sense, disk space is cheap and
non-technical users are not supposed to apt-get things every time they use
an optional part of Gnome -- but why the system would bear a security risk
when none of the programs involved were ever run is beyond me.
When an user actually uses that "easy file sharing" or link-local instant
messaging, avahi could be started, but there's no reason to do that before.
This goes in contrast to actual server daemons which are installed by a
conscious action by the sysadmin, and thus can be expected to be running by
default.
--
1KB // Microsoft corollary to Hanlon's razor:
// Never attribute to stupidity what can be
// adequately explained by malice.
Reply to: