New ZeroConf Spec

Dan Kegel dank at
Wed Jul 5 14:39:18 BST 2006

On 7/5/06, David Balazic <david.balazic at> wrote:
> > > >ZeroConf is on by default in OS X.
> > >
> > > If that means there's another open port by default,
> > > even when the user doesn't mean to advertise any services,
> > > that's a security bug, isn't it?
> >
> > It's not a "security bug" it's more "potential" security problems
> Yeah, like saying "running a firewall is a (potential) security
> problem", as it processes untrusted data and could have a buffer
> overflow or something.

It's not quite that silly. Let's see...
contains the juicy quote
"There has been considerable discussion on the zeroconf mailing list
about whether security is required or even possible in zeroconf
networks."
It concludes by saying roughly "Well, maybe IPSec will save our asses."
That draft is expired, which makes me think they gave up hope.

It's sounding rather like zeroconf should be off in any environment
that cares about security, and I believe all environments should care about
- Dan

More information about the ubuntu-devel mailing list