All in all, I do not agree with the bubble talk we are getting here. I do not think people who are just talking with sheer imagination and computer illiteracy should come here. This is a high-volume site. People over here do some real work. It cannot be used to malign a set of people.

> [~]# netstat -ap|grep avahi
> udp 0 0 *:mdns *:* 1622/avahi-daemon:
> udp 0 0 *:45282 *:* 1622/avahi-daemon:
> udp6 0 0 [::]:mdns [::]:* 1622/avahi-daemon:
> udp6 0 0 [::]:58036 [::]:* 1622/avahi-daemon:

Down Comment.

> I admit I didn't notice this before, as I would never expect a _client_
> system to have some crap listening by default. And it is world-reachable
> -- am I supposed to ensure the top s1kr3t address
> 2001:6a0:118:0:22cf:30ff:fec3:d4b7 never leaks out? (oops...)

Where is the client in this? I do not get what you mean by a client. Could you tell me, in Avahi, what is a client?

> And why does it open this security hole? To make it slightly easier to

What security hole?

> configure link-local instant messages. Who exactly is going to need that
> these days? The times of local networks disconnected from the world are

Do not get what you mean.

> mostly over. You have some non-networked machines here and there, but if
> there's a network of some kind, it almost always is globally connected.
> These few places that do have airwalled networks definitely don't want to
> run link-local chat...

What do you mean by airwalled network? Could you give some specific example?

> So, any gain is infinitesimally small, and the risk is real. Even daemons
> coded by most security-minded people that have seen a lot of review do have
> exploitable holes once in a while, so I expect Avahi to fare no better.

Could you get specific with the security holes to be looked for?