ZeroConf in Ubuntu Edgy
Krishna Sankar
ksankar at doubleclix.net
Mon Jul 3 19:30:04 BST 2006
> Because Ubuntu isn't run by a bunch of idiots?
<KS>
;o) That I agree !
Seriously, Dan, from your perspective, what would it take to open up
ZeroConf (DNS-SD) securely ?
Is opening port 5353 [1]? Appropriate iptables rules ? If so, what
would they be ? We had a firewall project and I do not know the current
state of it.
</KS>
[1] BTW, one view of well-known ports in Apple is at
http://support.stat.ucla.edu/view.php?supportid=39. How does it compare with
ours ?
> -----Original Message-----
> From: ubuntu-devel-bounces at lists.ubuntu.com
> [mailto:ubuntu-devel-bounces at lists.ubuntu.com] On Behalf Of Dan Kegel
> Sent: Monday, July 03, 2006 12:10 AM
> To: Krishna Sankar
> Cc: ubuntu-devel at lists.ubuntu.com
> Subject: Re: ZeroConf in Ubuntu Edgy
>
> On 7/2/06, Krishna Sankar <ksankar at gte.net> wrote:
> > > Zeroconf is simply too scary to enable by default, but I can
> > <KS>
> > If so, how is apple mitigating the risk ?
>
> They're not, as far as I know. Their xcode IDE,
> for instance, uses distcc in an extremely convenient but
> insecure mode. Ho hum, let's see, was this vulnerability
> exploited yet?
> Yes: http://seclists.org/lists/bugtraq/2005/Mar/0197.html
> Basically, they're complete idiots when it comes to security.
>
> > If it is OK for Apple, why not for Ubuntu ?
>
> Because Ubuntu isn't run by a bunch of idiots?
> - Dan
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
More information about the ubuntu-devel
mailing list