Il 29 febbraio 2012 23:51, Simo Sorce <simo@xxxxxxxxxx> ha scritto: > On Wed, 2012-02-29 at 10:09 -0700, Chris Murphy wrote: >> On Feb 29, 2012, at 5:15 AM, drago01 wrote: >> >> > On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker <ndbecker2@xxxxxxxxx> wrote: >> >> I think he's got a point >> >> >> >> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_ >> > >> >> My example is mDNS being blocked in the Firewall by default *and* it requires a root password to unblocked it. Completely retarded. > > Except that mDNS is a real security issue (because you can hijack name > resolution quite easily with it). Is it really any worse that real DNS spoofing? I mean, it is as easy to reply fake data to a unicast DNS request, if I'm on the same subnet (and thus can pretend to be the DNS server). The same protections should be used, that is DNSSEC and end-to-end authentication (SSH, TLS). This still leaves the real mdns area unprotected, but this is to be expected, and it's just an UI issue (that could be resolved once network zones land). Just my 2e-2. Giovanni -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
