Torvalds:requiring root password for mundane things is moronic

Simo Sorce simo at redhat.com
Wed Feb 29 23:27:59 UTC 2012


On Thu, 2012-03-01 at 00:17 +0100, Lennart Poettering wrote:
> On Wed, 29.02.12 17:51, Simo Sorce (simo at redhat.com) wrote:
> 
> > On Wed, 2012-02-29 at 10:09 -0700, Chris Murphy wrote:
> > > On Feb 29, 2012, at 5:15 AM, drago01 wrote:
> > > 
> > > > On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker <ndbecker2 at gmail.com> wrote:
> > > >> I think he's got a point
> > > >> 
> > > >> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
> > > > 
> > > 
> > > My example is mDNS being blocked in the Firewall by default *and* it requires a root password to unblocked it. Completely retarded.
> > 
> > Except that mDNS is a real security issue (because you can hijack name
> > resolution quite easily with it).
> 
> Can you? How so?
> 
> Sure, you can muck with the .local domain, since that's the mDNS domain,
> but hey, if you are stupid enough to trust the .local domain in insecure
> networks, then it is your own fault, as the suffix ".local" kinda comes
> with this big implied label of "HEY! THIS DOMAIN IS RESOLVED FROM DATA
> MULTICASTED ON THE LOCAL LINK".

Yeah, unfortunately there are a ton of sites that use the .local suffix
for their local domain, for example. Some predate mDNS hijacking of it
for 'untrusted local stuff'.

Also you should really define 'You' here. Because the issue is that mDNS
in Fedora is inserted by default in the hosts database and IIRC before
DNS, so it gets a chance to always reply before a DNS query is made. This
of course makes sense for its uses: why ask the DNS if you know this is
a .local name that the DNS should not know about?

But most applications do not treat random host names in any special way,
so it is hard to cast blame or stupidity on an application developer for
not checking the suffix of the host name they are connecting to.

All that said, I am not casting any blame, just saying why disabling it
is not just a stupid idea but has a reason. We may not agree with the
reason or consider it an over-reaction to the threat or whatever other
consideration. That's a separate discussion, I think.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
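The ordering Simo describes lives in the `hosts:` line of `/etc/nsswitch.conf`. The following is an added example, not code from anyone in this thread: a small Python checker that parses that line and reports whether an mDNS resolver is consulted before `dns`, and whether it is one of the nss-mdns `*_minimal` modules (which, as documented by nss-mdns, only answer `.local` names and link-local reverse lookups) or an unrestricted `mdns`/`mdns4`/`mdns6` module that will try multicast for any name. The sample configuration text is constructed to resemble a Fedora default; the `[NOTFOUND=return]` action syntax and the module names are the real glibc/nss-mdns ones, and the file path is assumed.

```python
"""Inspect the nsswitch.conf hosts line for mDNS-before-DNS ordering (added example)."""
import re

# Constructed sample, modelled on a typical Fedora nsswitch.conf.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample for this example)
passwd:     files sss
hosts:      files mdns4_minimal [NOTFOUND=return] dns myhostname
"""

# nss-mdns module names: the non-minimal ones will multicast for any name,
# the *_minimal ones restrict themselves to .local and 169.254.0.0/16 reverse.
UNRESTRICTED_MDNS = {"mdns", "mdns4", "mdns6"}
MINIMAL_MDNS = {"mdns_minimal", "mdns4_minimal", "mdns6_minimal"}


def hosts_line(nsswitch_text):
    """Return the service specification after 'hosts:', or None if absent."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line.startswith("hosts:"):
            return line[len("hosts:"):].strip()
    return None


def parse_hosts(spec):
    """Split 'files mdns4_minimal [NOTFOUND=return] dns' into
    (service, [actions attached to that service]) tuples."""
    tokens = re.findall(r"\[[^\]]*\]|\S+", spec)
    entries = []
    for tok in tokens:
        if tok.startswith("["):
            if entries:                          # action block binds to preceding service
                entries[-1][1].append(tok.strip("[]").strip())
        else:
            entries.append((tok, []))
    return entries


def assess_hosts(spec):
    """Summarise where mDNS sits relative to unicast DNS in the lookup order."""
    entries = parse_hosts(spec)
    services = [svc for svc, _ in entries]
    mdns = [svc for svc in services if svc.startswith("mdns")]
    # If 'dns' is absent, treat it as sitting after everything else.
    dns_pos = services.index("dns") if "dns" in services else len(services)
    before_dns = [svc for svc in mdns if services.index(svc) < dns_pos]
    return {
        "mdns_modules": mdns,
        "mdns_before_dns": bool(before_dns),
        # The case Simo is worried about: a resolver that will answer *any*
        # name from the local link gets asked before the real DNS server.
        "unrestricted_mdns_before_dns": any(svc in UNRESTRICTED_MDNS for svc in before_dns),
        "mdns_limited_to_local": bool(mdns) and all(svc in MINIMAL_MDNS for svc in mdns),
    }


def check_file(path="/etc/nsswitch.conf"):
    """Read a real nsswitch.conf (path assumed) and assess its hosts line."""
    with open(path, encoding="utf-8") as fh:
        spec = hosts_line(fh.read())
    return assess_hosts(spec) if spec is not None else None


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_NSSWITCH),):
        print(label, assess_hosts(hosts_line(text)))
```

Run it against a live system with `check_file()`; `unrestricted_mdns_before_dns` being true is the configuration in which a name that has nothing to do with `.local` can still be answered by whoever is multicasting on the link, which is the scenario the firewall default is guarding against.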


