New ZeroConf Spec

Dan Kegel dank at
Mon Jul 17 00:15:46 BST 2006

On 7/16/06, Jerry Haltom <wasabi at> wrote:
> Any result can sneak in. There is no security involved. Anybody on the
> local broadcast subnet can introduce fake or invalid results into
> *.local.
> The question is simply "is this a problem"?

I can think of a few scenarios where it might be.
If malware manages to invade a secretary's machine,
and advertise bogus services normally associated with developers' machines
(say, distcc), that could result in confidential source code being
exposed and/or malware being injected into the resulting .o files;
if the resulting executables are run on the developers' workstations,
the malware could subvert the developer's workstation.

Now, anyone who uses zeroconf to configure a distcc server network
is asking for it, security-wise.  But I think that's how Apple ships xcode.

Or am I mistaken somehow?
- Dan

More information about the ubuntu-devel mailing list