##(see the SpecSpec for an explanation) * '''Launchpad Entry''': https://launchpad.net/distros/ubuntu/+spec/zeroconfpolicy * '''Created''': <> by Rob Caskey * '''Contributors''': * '''Packages affected''': * '''Packages''': avahi, libnss-mdns, zeroconf, network-manager == Introduction == This Spec describes the integration of ZeroConf technologies for Edgy+1 and the required alteration to the no-port policy that would be required. == Rationale == ZeroConf allows devices to communicate on a network with minimal configuration. ZeroConf enhanced applications facilatate network-sharing tasks (outlined below) in such a compelling manner that they justify an amendment of the no-open-ports (by default) policy. Attack vectors are limited to the local area network. Upstream has been very responsive and submitted an [[http://avahi.org/wiki/SecurityConsiderations|outline of security considerations]] previously. The codebase is compact relative to the scope of functionality. == Scope and Use Cases == * Trent wants to send a file to Jeff, an OS X user, on the train over an ad-hoc network. Both machines use ZeroConf to negotiate IP addresses and Nautilus automatically displays the advertised shares of the OS X machines. * Trent is at a conference and opens GAIM which advertises his presence via ZeroConf. * Trent shares his ~/Photos using the shares admin tool, and Jeff discovers it on his Mac. * Isaac discovers a ZeroConf printer. == Design == * Avahi/Zeroconf should be turned on by default. This poses a security risk. * The no-open-ports policy will become a one-open-port policy. * Users disable Zero-Conf by removing Avahi using Synaptic. == Implementation Plan == * The no-open-ports by default policy shall be amended to allow Avahi and only Avahi contingent upon the following: - a freedesktop.org and Ubuntu developer should be appointed by the technical board with the task of soliciting Coverity for inclusion in their defect-scanning project. - no security defects are outstanding in Avahi. - technical board issues a formal statement containing an outline of any areas of concern and designates a group to hand-audited those areas. * Install/configure avahi and libnss-mdns by default, listening on all interfaces except those disabled by default in Avahi (like VPN, [[http://avahi.org/wiki/Avah4users#FAQ|see faq]]). * All network-facing services should advertise via Avahi, even if no consumer currently exists. This should be achieved by wrapping init.d/ entries using the command line tools unless native Avahi support is present. === Packages Affected === * network-manager - configure IPv4 Link Local addresses when there is no static IP or DHCP address * avahi - Handles service dicovery, allows applications to publish and browse for services * libnss-mdns - Allows the system to resolve .local addresses, advertisd by avahi via the standard resolver interface. * libknssd-avahi - Allows *all* kde programs already using dns-sd with the KDE api to use avahi * various non-enhanced daemons should have advertising wrappers added to their init scripts == Comments == pitti posted a substantial contribution - https://lists.ubuntu.com/archives/ubuntu-devel/2006-July/019680.html ---- CategorySpec