New ZeroConf Spec
lool+ubuntu at via.ecp.fr
Mon Jul 17 17:52:31 BST 2006
On Mon, Jul 17, 2006, Ian Jackson wrote:
> * avahi would be an additional piece of software exposed directly and
> permanently to hostile network traffic initiated outside the
> current host. Currently Ubuntu has very few such pieces of
> software - pretty much, only the kernel is so exposed. The `no
> open ports' policy is a good rule of thumb, intended to keep things
> this way.
I think the DHCP client was already mentioned. Other software is
permanently connected to Internet hosts, for example for network time
updates, or to check for security updates.
One problem that has been mentioned multiple times in this discussion
is "avahi exposed on the Internet" versus "avahi visible from my local
network". Some people go as far as saying that local networks are very
unsafe too, but imagine we would force avahi to only listen on
interfaces which only have RFC 1918 addresses: wouldn't that be a good
default configuration to permit local discoverability but still keep
the Internet exposure to a low level?
Loïc Minier <lool at dooz.org>
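The interface-selection rule proposed in the message above, as an added example that is not part of the original post or of avahi itself. It assumes input in the format of `ip -o addr show`, ignores IPv6 link-local addresses (an assumption, since they are present on nearly every interface), and writes the result as the `allow-interfaces` option of the `[server]` section in avahi-daemon.conf; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly: ipaddress.is_private is broader
# (it also covers loopback, link-local and documentation ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL_V6 = ipaddress.ip_network("fe80::/10")

# Constructed sample in the format of `ip -o addr show` (not from a real host).
SAMPLE = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link
3: ppp0    inet 203.0.113.7/32 scope global ppp0
4: wlan0    inet 10.0.0.5/8 brd 10.255.255.255 scope global wlan0
4: wlan0    inet 198.51.100.20/24 scope global secondary wlan0
5: eth1    inet 172.20.4.2/16 scope global eth1
5: eth1    inet6 2001:db8::2/64 scope global
"""

LINE = re.compile(r"^\d+:\s+(\S+)\s+inet6?\s+([0-9a-fA-F:.]+)/\d+")

def is_rfc1918(addr):
    return addr.version == 4 and any(addr in net for net in RFC1918)

def local_only_interfaces(ip_output):
    """Interfaces whose addresses are all RFC 1918 (IPv6 link-local ignored)."""
    verdict = {}
    for line in ip_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        iface, addr = m.group(1), ipaddress.ip_address(m.group(2))
        if addr in LINK_LOCAL_V6:  # assumption: not routable, so not disqualifying
            continue
        # One public (or otherwise non-RFC 1918) address disqualifies the interface.
        verdict[iface] = verdict.get(iface, True) and is_rfc1918(addr)
    return sorted(i for i, ok in verdict.items() if ok)

def avahi_server_section(ifaces):
    """Render the [server] fragment; refuse to emit an empty allow-list."""
    if not ifaces:
        raise ValueError("no RFC 1918-only interface; do not write an empty allow-list")
    return "[server]\nallow-interfaces=" + ",".join(ifaces) + "\n"

if __name__ == "__main__":
    print(avahi_server_section(local_only_interfaces(SAMPLE)))
```

On the sample, only `eth0` qualifies: `wlan0` carries a secondary public address and `eth1` a global IPv6 address, so both are excluded along with `lo` and `ppp0`.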