New ZeroConf Spec

Andrew Jorgensen andrew.jorgensen at gmail.com
Fri Jul 21 17:50:49 BST 2006


On 7/3/06, Rob J. Caskey <rcaskey at uga.edu> wrote:
> Please discuss.

I'd like to chime in on this lengthy discussion:

mDNS rocks.  It makes things just work and that's a very good thing.
A very good thing.  If it's not installed by default I'm still going
to install it and turn it on.  The benefit, IMHO, outweighs the risk.
Read http://catb.org/esr/writings/cups-horror.html

I like the no open ports policy.  It's also a very good thing.  I
don't like desktop firewalls.  More often than not they get in the way
and confuse the user.  No open ports is a much better idea.  Have we
done any study yet to see if the policy is effective?  Do we have any
stats on whether Ubuntu is actually more secure than something else
because of this?  I'm going to assume that it helps but it would be
unwise for us to assume that it's working in the real world.  When it
comes to security you need to know, not guess.

Regardless of whether we install avahi-daemon by default we should
consider adopting AppArmor to protect the system from potential
exploits.  Personally I think AppArmor is the happy middle-ground
between no open ports and a deny-by-default firewall.  AppArmor should
also be applied to cups.  I will always enable cups browsing, it's
another one of those things that makes stuff just work.

I don't think I'm advocating turning avahi-daemon on by default.
Probably that would just mean that a lot of system administrators are
going to be turning it off after installation.

The way this issue was handled with cups browsing is exactly right.
Installed but disabled by default with a GUI way to change it and a
warning that it may be a bad idea.  The important discussion is where
to put the GUI.  If we really do consider it a threat then we don't
even really want to advertise it to the unsuspecting user.  If they
know about it and want it they should be able to enable it easily.
And they shouldn't have to know that it's called Avahi, or even mDNS,
so installing it through Add/Remove or Synaptic probably won't help.

... Or we could create an ubuntu-workstation package designed for the
corporate scenario and make ubuntu-desktop the package designed to
make me (and users like me) happy.  This creates an upgrade path
problem.  How do we know which one the user wants?



More information about the ubuntu-devel mailing list