Torvalds:requiring root password for mundane things is moronic

Lennart Poettering mzerqung at 0pointer.de
Wed Feb 29 23:22:04 UTC 2012


On Wed, 29.02.12 16:08, Chris Murphy (lists at colorremedies.com) wrote:

> 
> 
> On Feb 29, 2012, at 3:51 PM, Simo Sorce wrote:
> 
> > On Wed, 2012-02-29 at 10:09 -0700, Chris Murphy wrote:
> >> 
> >> My example is mDNS being blocked in the Firewall by default *and* it requires a root password to unblock it. Completely retarded.
> > 
> > Except that mDNS is a real security issue (because you can hijack name
> > resolution quite easily with it).
> 
> Fair enough but then I'd argue mDNS's present method of dealing with
> hijacking. If two clients respond with the same name, it seems that
> all other clients on the network should blacklist both clients rather
> than trusting the one that answers first. Disabling it entirely is the
> granularity of a large hammer. mDNS is still much more useful than not
> useful, and more useful than statistically risky, despite being highly
> spoofable.

mDNS is supposed to just work. Zeroconf and stuff. Just going into black
hole mode if somebody has the same name as you is a great way to work
against that. And would open us to DoS anyway.

It's your own fault to believe mDNS was trustable if the network you use
it on isn't trusted.

mDNS is neither a secure nor a reliable protocol. Never has been, never
will be. Use it if you trust your network. If you don't trust your
network, then don't use it, and don't resolve names from the .local domain.

mDNS is very much in the same boat as DHCP here. If you are stupid
enough to trust DHCP data that some random server on your network sends
you, then you should be totally fine with mDNS too.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
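The advice above ("don't resolve names from the .local domain" on a network you don't trust) boils down, on a glibc system, to whether the nss-mdns module sits on the `hosts:` line of `/etc/nsswitch.conf`. The following shell snippet is an added example, not code from the thread or from any of its participants: it checks a `hosts:` line for the nss-mdns modules (`mdns`, `mdns4`, `mdns6` and their `_minimal` variants, names the real module uses) and shows what the line looks like with them removed. The two sample lines are constructed for the example and are not taken from any real host.

```shell
#!/bin/sh
# Added example: inspect an nsswitch.conf "hosts:" line for nss-mdns.
# Assumption: the system uses glibc NSS with the nss-mdns module, whose
# entries are named mdns, mdns4, mdns6, optionally with a _minimal suffix,
# commonly followed by an action spec such as [NOTFOUND=return].

# Constructed sample configurations (not copied from a real machine).
HOSTS_WITH_MDNS="hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname"
HOSTS_WITHOUT_MDNS="hosts: files dns myhostname"

# mdns_enabled LINE
# Prints "yes" if any nss-mdns module appears on the line, "no" otherwise.
mdns_enabled() {
    case "$1" in
        *mdns*) echo yes ;;
        *)      echo no ;;
    esac
    return 0
}

# strip_mdns LINE
# Prints the hosts line with every nss-mdns module and its trailing
# action spec removed, i.e. the line you would install on an untrusted
# network so that .local names are no longer answered by multicast peers.
strip_mdns() {
    printf '%s\n' "$1" | sed -E 's/ +mdns[46]?(_minimal)?( +\[[^]]*\])?//g'
}

# Stand-alone usage: report on both constructed lines.
for line in "$HOSTS_WITH_MDNS" "$HOSTS_WITHOUT_MDNS"; do
    printf 'line:      %s\nmdns:      %s\nwithout:   %s\n\n' \
        "$line" "$(mdns_enabled "$line")" "$(strip_mdns "$line")"
done
```

To check a real box, pass its actual `hosts:` line, e.g. `mdns_enabled "$(grep '^hosts:' /etc/nsswitch.conf)"`; the snippet only prints, it never edits the file.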
