New ZeroConf Spec
Ian Jackson
ian at davenant.greenend.org.uk
Tue Jul 18 17:38:06 BST 2006
Loïc Minier writes ("Re: New ZeroConf Spec"):
> On Mon, Jul 17, 2006, Ian Jackson wrote:
> > * avahi would be an additional piece of software exposed directly and
> > permanently to hostile network traffic initiated outside the [host]
>
> I think the DHCP client was already mentioned. Other software is
> permanently connected to Internet hosts, for example for network time
> updates, or to check for security updates.
The ntp client and the software updater do not sit and listen
constantly for incoming data from the network. They only look for it
when they are engaged in a query. This makes them a much smaller
target. Of course, security problems in these do need to be worried
about and fixed, but these programs are not as exposed as the kernel
precisely because they aren't listening all of the time.
Of course you can install an ntpd which _will_ listen all of the time,
but it's not the default.
> One problem that has been mentioned multiple times in this discussion
> is "avahi exposed on the Internet" versus "avahi visible from my local
> network".
It is not really possible for the system to tell reliably whether its
ethernet interface is exposed to the Internet or is only on `a local
network' (whatever that might mean, but presumably something with less
hostile traffic).
If it were possible to tell and the intent is to treat `friendly local
network' differently from `direct connection to global Internet via eg
DSL' or `unsecured ad-hoc wifi' or whatever, then this should be
explained in the spec, obviously: the spec should say how the
different things will be distinguished and how they will be treated.
Sebastian Dröge writes ("Re: New ZeroConf Spec"):
> avahi only listens on interfaces that have the MULTICAST flag set by
> default which is from what I know almost never (unless manually set) the
> case for internet interfaces.
For avahi to work on any interface, it must listen on that interface.
The technical details of how this is enabled, which include setting
any relevant flags including enabling multicast, are not really very
relevant, are they?
The proposal in the new ZeroConf spec is to provide an easy way for
the user to enable avahi including setting the appropriate interface
flags etc., and all of the security ramifications of all of the
relevant system changes should be considered.
Ian.
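As an added example (not part of Ian's message, nor avahi's own code), the following Python audit applies the "listen wherever MULTICAST is set" rule Sebastian describes to constructed `ip -o link show` output; requiring the link to also be UP is this example's own assumption, and the sample deliberately includes a point-to-point interface carrying the MULTICAST flag so that the administrator can see when the rule selects what may be a direct uplink.

```python
import re

# Constructed sample of `ip -o link show` output (not captured from a real host).
SAMPLE_IP_LINK = (
    "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n"
    "2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff\n"
    "3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff\n"
    "4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 3\\    link/ppp\n"
)

# One interface per line: "<index>: <name>[@<peer>]: <FLAG,FLAG,...> ..."
LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>")


def parse_ip_link(text):
    """Return {ifname: set_of_flags} parsed from `ip -o link show` output."""
    result = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            result[m.group(1)] = set(filter(None, m.group(2).split(",")))
    return result


def mdns_candidate_interfaces(text):
    """Interfaces a MULTICAST-flag-only policy would start mDNS on.

    The rule applied is the one stated in the thread (listen wherever
    MULTICAST is set), plus requiring UP, which is this example's assumption.
    Each hit is annotated so an administrator can see when the rule picks up a
    point-to-point link, i.e. something that may be a direct Internet uplink.
    """
    hits = []
    for name, flags in parse_ip_link(text).items():
        if "LOOPBACK" in flags or "MULTICAST" not in flags or "UP" not in flags:
            continue
        note = "point-to-point link" if "POINTOPOINT" in flags else "broadcast link"
        hits.append((name, note))
    return hits


if __name__ == "__main__":
    for name, note in mdns_candidate_interfaces(SAMPLE_IP_LINK):
        print(f"{name}: MULTICAST and UP -> would be served ({note})")
```

On a live host, feed the script the real output of `ip -o link show` in place of the constructed sample; any point-to-point hit is the case Ian's objection is about, since the flag alone does not say whether the link faces a friendly local network or the Internet.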