Ubuntu Wiki

• Launchpad Entry: https://launchpad.net/distros/ubuntu/+spec/zeroconfpolicy

• Created: 2006-06-03 by Rob Caskey

• Contributors:

• Packages affected:

• Packages: avahi, libnss-mdns, zeroconf, network-manager

Introduction

This Spec describes the integration of ZeroConf technologies for Edgy+1 and the required alteration to the no-port policy that would be required.

Rationale

ZeroConf allows devices to communicate on a network with minimal configuration. ZeroConf enhanced applications facilatate network-sharing tasks (outlined below) in such a compelling manner that they justify an amendment of the no-open-ports (by default) policy.

Attack vectors are limited to the local area network. Upstream has been very responsive and submitted an outline of security considerations previously.

The codebase is compact relative to the scope of functionality.

Scope and Use Cases

• Trent wants to send a file to Jeff, an OS X user, on the train over an ad-hoc network. Both machines use ZeroConf to negotiate IP addresses and Nautilus automatically displays the advertised shares of the OS X machines.

• Trent is at a conference and opens GAIM which advertises his presence via ZeroConf.

• Trent shares his ~/Photos using the shares admin tool, and Jeff discovers it on his Mac.

• Isaac discovers a ZeroConf printer.

Design

• Avahi/Zeroconf should be turned on by default. This poses a security risk.
• The no-open-ports policy will become a one-open-port policy.
• Users disable Zero-Conf by removing Avahi using Synaptic.

Implementation Plan

• The no-open-ports by default policy shall be amended to allow Avahi and only Avahi contingent upon the following:
  • - a freedesktop.org and Ubuntu developer should be appointed by the technical board with the task of soliciting Coverity for inclusion in their defect-scanning project. - no security defects are outstanding in Avahi. - technical board issues a formal statement containing an outline of any areas of concern and designates a group to hand-audited those areas.

• Install/configure avahi and libnss-mdns by default, listening on all interfaces except those disabled by default in Avahi (like VPN, see faq).

• All network-facing services should advertise via Avahi, even if no consumer currently exists. This should be achieved by wrapping init.d/ entries using the command line tools unless native Avahi support is present.

Packages Affected

• network-manager - configure IPv4 Link Local addresses when there is no static IP or DHCP address
• avahi - Handles service dicovery, allows applications to publish and browse for services
• libnss-mdns - Allows the system to resolve .local addresses, advertisd by avahi via the standard resolver interface.
• libknssd-avahi - Allows *all* kde programs already using dns-sd with the KDE api to use avahi
• various non-enhanced daemons should have advertising wrappers added to their init scripts

Comments

pitti posted a substantial contribution - https://lists.ubuntu.com/archives/ubuntu-devel/2006-July/019680.html

CategorySpec