ZeroConf in Ubuntu Edgy
krstic at fas.harvard.edu
Tue Jul 4 01:35:33 BST 2006
Tobias Wolf wrote:
> What about Samba, Cups in browse mode, Rhythmbox in sharing mode,
> filesharing with Bittorrent et al., VOIP, SSH, an Apache for web pages
> or webdav, NFS, et cetera ad inf. Linux is an essentially networked OS.
> Do want to extend the policy to a port opening prohibition?
There was clearly never talk nor discussion of a port opening
prohibition. On the other hand, it's still a reasonable proposition that
users who run Apache, SSH, and NFS should know enough about their system
to set up any requisite security (neither of the three services are
gaping security holes by default).
As for Samba, CUPS in browse mode, and Rhythmbox -- these have no easy
nor obvious firewall policy that makes them more secure. As a
first-order approximation, one could limit inbound access to them to the
current network as given by the (ipaddr, netmask) tuple, but that's a
hack. Perhaps a useful hack, but not without detailed prior discussion
in spec form.
Ivan Krstic <krstic at fas.harvard.edu> | GPG: 0x147C722D
More information about the ubuntu-devel