On Thu, 2012-03-01 at 00:51 +0100, Giovanni Campagna wrote:
> On 29 February 2012 23:51, Simo Sorce <simo@xxxxxxxxxx> wrote:
> > On Wed, 2012-02-29 at 10:09 -0700, Chris Murphy wrote:
> >> On Feb 29, 2012, at 5:15 AM, drago01 wrote:
> >>
> >> > On Wed, Feb 29, 2012 at 1:02 PM, Neal Becker <ndbecker2@xxxxxxxxx> wrote:
> >> >> I think he's got a point
> >> >>
> >> >> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_for_mundane_things_is_quot_moronic_quot_
> >> >
> >>
> >> My example is mDNS being blocked in the Firewall by default *and* it requires a root password to unblock it. Completely retarded.
> >
> > Except that mDNS is a real security issue (because you can hijack name
> > resolution quite easily with it).
>
> Is it really any worse than real DNS spoofing? I mean, it is as easy
> to reply fake data to a unicast DNS request, if I'm on the same subnet
> (and thus can pretend to be the DNS server).
> The same protections should be used, that is DNSSEC and end-to-end
> authentication (SSH, TLS). This still leaves the real mdns area
> unprotected, but this is to be expected, and it's just a UI issue
> (that could be resolved once network zones land).

I am a big fan of network zones, it simplifies the concept for naive
users in a way that makes it usable.

Simo.

--
Simo Sorce * Red Hat, Inc * New York