New ZeroConf Spec
Dan Kegel
dank at kegel.com
Wed Jul 5 14:39:18 BST 2006
On 7/5/06, David Balazic <david.balazic at hermes.si> wrote:
> > > >ZeroConf is on by default in OS X.
> > >
> > > If that means there's another open port by default,
> > > even when the user doesn't mean to advertise any services,
> > > that's a security bug, isn't it?
> >
> > It's not a "security bug", it's more "potential" security problems
>
> Yeah, like saying "running a firewall is a (potential) security
> problem", as it processes untrusted data and could have a buffer
> overflow or something.
It's not quite that silly. Let's see...
http://www.watersprings.org/pub/id/draft-williams-zeroconf-security-00.txt
contains the juicy quote
"There has been considerable discussion on the zeroconf mailing list
about whether security is required or even possible in zeroconf
networks."
It concludes by saying roughly "Well, maybe IPSec will save our asses."
That draft is expired, which makes me think they gave up hope.
It's sounding rather like zeroconf should be off in any environment
that cares about security, and I believe all environments should care about
security.
- Dan