
Re: Disable ZeroConf: how to ?



On Thu, Mar 3, 2011 at 1:31 PM, Olaf van der Spek <olafvdspek@gmail.com> wrote:
> On Thu, Mar 3, 2011 at 1:16 PM, Lars Wirzenius <liw@liw.fi> wrote:
>> On to, 2011-03-03 at 12:47 +0100, Bastien ROUCARIES wrote:
>>> some package announce their existence to the world without any admin decision!
>>> It is not a fud and a security hole!
>>
>> That's a vague generality... which packages? You mentioned phpmyadmin.
>> What are the actual problems that result from this announcement? What
>> bad things happen from it? Can the fact that you have phpmyadmin become
>> known to an attacker via port scanning, or similar techniques? If so,
>> does it matter if phpmyadmin also announces things via avahi? What do
>> you suggest as a solution? Would a blanket policy of having all services
>> to default to not announce themselves? What would the problems from such
>> a policy be?
>>
>> (I don't know much about this stuff, and I don't particularly care, but
>> it'd be nice if we could turn the discussion into a constructive one.)
>
> Windows has the concept of home / private and public networks. On
> public networks, sharing gets disabled.
> Such a concept would be good for this situation as well. Let the user
> indicate what type of network he is on and what type of services
> should be opened to that network.

The last bug is not about this, it is I have a phpmyadmin running as
www user and I announce I run it.

Not really good to give the path to phpmyadmin (that is running by
admin decision)

Bastien

> Olaf

