Re: avahi-daemon
On Fri, Mar 03, 2006, Henrique de Moraes Holschuh wrote:
> On Fri, 03 Mar 2006, Loïc Minier wrote:
> > On Fri, Mar 03, 2006, Henrique de Moraes Holschuh wrote:
> > > True. But that requires a broken kernel, which we patch regularly as a
> > > security procedure anyway. Mounting removable filesystems suid,dev allow a
> > > lot more damage *by design* in the standard Linux security-model.
> >
> > And we also support avahi security-wise, and would patch it in the case
> > of a knwon vulnerability.
> Nobody ever implied that avahi is badly maintained. And unless mdns/avahi
> is somehow being shipped configured in such a way so as to allow for
> immediate local root priviledge escalations, I don't think I understood the
> point you wanted to make.
You were making the point that it's a security bug to mount USB sticks
automatically without nodev and nosuid, and people responded to you
that it was already a security risk to mount a filesystem automatically.
You finally replied that implies a borken kernel and the kernel is
supported security-wise.
My point was to draw the following parallel:
- mounting a filesystem automatically <=> listening on the network
- kernel vulnerable <=> avahi vulnerable
- kernel supported security-wise <=> avahi supported security-wise
(- protecting with nodev nosuid <=> not having anything advertized)
> I stated that the fact that an hipotetic kernel bug *also* allows for local
> root exploits through a nosuid,nodev removable filesystem does *not* excuse
> us to have removable filesystems being mounted suid,dev, which depending on
> the filesystem type allows for immediate local root privilege escalation,
> *by* *design*.
Which I completely agree with. But by default, no music is shared via
avahi, so it would require a bug in avahi (exactly like it would
require a bug in the kernel) to do anything nasty.
Cheers,
--
Loïc Minier <lool@dooz.org>
Current Earth status: NOT DESTROYED
Reply to: