New ZeroConf Spec
ludovic.ferre at hotmail.com
ludovic.ferre at hotmail.com
Wed Jul 5 15:06:11 BST 2006
----- Original Message -----
From: "Dan Kegel" <dank at kegel.com>
To: "David Balazic" <david.balazic at hermes.si>
Cc: "Lukas Sabota" <punkrockguy318 at comcast.net>; "Rob J. Caskey"
<rcaskey at uga.edu>; <ubuntu-devel at lists.ubuntu.com>; "Trent Lloyd"
<lathiat at bur.st>
Sent: Wednesday 05 July 2006 15:39
Subject: Re: New ZeroConf Spec
> On 7/5/06, David Balazic <david.balazic at hermes.si> wrote:
>> > > >ZeroConf is on by default in OS X.
>> > >
>> > > If that means there's another open port by default,
>> > > even when the user doesn't mean to advertise any services,
>> > > that's a security bug, isn't it?
>> >
>> > It's not a "security bug" its more "potential" security problems
>>
>> Yeah, like saying "running a firewall is a (potential) security
>> problem", as it processes untrusted data and could have a buffer
>> overflow or something.
>
> It's not quite that silly. Let's see...
> http://www.watersprings.org/pub/id/draft-williams-zeroconf-security-00.txt
> contains the juicy quote
> "There has been considerable discussion on the zeroconf mailing list
> about whether security is required or even possible in zeroconf
> networks. "
> It concludes by saying roughly "Well, maybe IPSec will save our asses."
> That draft is expired, which makes me think they gave up hope.
>
Replace IPSec by IPv6 and this would be up-to-date ;)
> It's sounding rather like zeroconf should be off in any environment
> that cares about security, and I believe all environments should care
> about
> security.
> - Dan
>
> --
> ubuntu-devel mailing list
> ubuntu-devel at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>
More information about the ubuntu-devel
mailing list