ZeroConf in Ubuntu Edgy

Ivan Krstic krstic at
Tue Jul 4 01:35:33 BST 2006

Tobias Wolf wrote:
> What about Samba, Cups in browse mode, Rhythmbox in sharing mode,
> filesharing with Bittorrent et al., VOIP, SSH, an Apache for web pages
> or webdav, NFS, et cetera ad inf. Linux is an essentially networked OS.
> Do want to extend the policy to a port opening prohibition?

There was clearly never talk nor discussion of a port opening
prohibition. On the other hand, it's still a reasonable proposition that
users who run Apache, SSH, and NFS should know enough about their system
to set up any requisite security (neither of the three services are
gaping security holes by default).

As for Samba, CUPS in browse mode, and Rhythmbox -- these have no easy
nor obvious firewall policy that makes them more secure. As a
first-order approximation, one could limit inbound access to them to the
current network as given by the (ipaddr, netmask) tuple, but that's a
hack. Perhaps a useful hack, but not without detailed prior discussion
in spec form.

Ivan Krstic <krstic at> | GPG: 0x147C722D

More information about the ubuntu-devel mailing list