KubuntuEasyZeroconf

Revision 6 as of 2006-06-22 16:18:35


Summary

Provide an easy way to turn on Zeroconf in Kubuntu

Rationale

Zeroconf is turned off by default for security reasons; we should provide an easy way to turn it on.

Use cases

Jack wants to avoid any ad hoc configuration to access his network services at home.

Alice is going to several conferences and wants to easily discover the available services or expose services. However, she doesn't want Zeroconf to keep running forever, for security reasons.

Scope

Zeroconf in this spec refers to the dnssd protocol implemented with Avahi.

Currently Avahi is not installed on the system. Users have to locate the relevant package and install it to make Zeroconf work. To make sure it is no longer running, they have to uninstall it.

Design

KDE already has a Zeroconf stack in kdelibs that is able to use Avahi, an ioslave for browsing the available services, and a KControl module to configure the Zeroconf stack. We will create the necessary facilities to enable Avahi on demand so that it can be installed by default but inactive. This way the system stays secure by default without hampering the user experience.

Implementation

  1. Introduce an /etc/default/avahi-daemon file holding an ENABLED_ON_BOOT key; the value will be 0 by default. The /etc/init.d/avahi-daemon script would start Avahi on boot only when ENABLED_ON_BOOT=1.

  2. Patch kdelibs package so that the KDE Zeroconf stack is disabled by default.
  3. The current KControl module for zeroconf support has a checkbox to enable/disable the KDE Zeroconf stack. This KControl module should be patched so it first enables Avahi in /etc/default/avahi-daemon and if that succeeds it enables it in KDE.

  4. Patch the ioslave so that when the user accesses the ioslave, or when an application tries to expose a service while Zeroconf is disabled, we pop up a dialog like the following one:

--------------------
| Enable Zeroconf? |
| [ ] Forever      |
|   [Yes] [No]     |
--------------------

If the user answers "yes", Avahi is started for this session (using kdesu) and the KDE Zeroconf stack is activated on success. If the "forever" checkbox is checked, we also put ENABLED_ON_BOOT=1 in the /etc/default/avahi-daemon file.

Code

Create a script /usr/share/avahi/enable_browsing with functionality equivalent to /usr/share/cups/enable_browsing: it would edit /etc/default/avahi-daemon to change ENABLED_ON_BOOT and reload the settings of the Avahi daemon. This script would be called when the user ticks Enable Zeroconf.
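
One way the ENABLED_ON_BOOT gate from step 1 and the enable_browsing helper could look, as an added example rather than code from this spec or from the Avahi or Kubuntu packages. The function names, the overridable AVAHI_DEFAULTS and AVAHI_INIT variables and the init script's "reload" action are assumptions.

```shell
#!/bin/sh
# Added example, not Kubuntu's or Avahi's shipped code.
# Both paths can be overridden (an assumption) so the functions run on a scratch file.
AVAHI_DEFAULTS="${AVAHI_DEFAULTS:-/etc/default/avahi-daemon}"
AVAHI_INIT="${AVAHI_INIT:-/etc/init.d/avahi-daemon}"

# Gate for the init script's boot-time start: succeed only when the file sets
# ENABLED_ON_BOOT to exactly 1. A missing file, a missing key or any other
# value (including a quoted "1") counts as disabled, so the gate fails closed.
# The file is parsed, not sourced, so nothing in it is executed as root.
avahi_enabled_on_boot() {
    [ -r "$AVAHI_DEFAULTS" ] || return 1
    value=$(sed -n 's/^ENABLED_ON_BOOT=\([^#[:space:]]*\).*$/\1/p' \
        "$AVAHI_DEFAULTS" | tail -n 1)
    [ "$value" = "1" ]
}

# Rewrite the key, keeping every other line. The new file is built in the same
# directory and renamed into place so a crash never leaves a half-written file.
set_enabled_on_boot() {
    case "$1" in
        0|1) ;;
        *) echo "usage: set_enabled_on_boot 0|1" >&2; return 2 ;;
    esac
    tmp=$(mktemp "${AVAHI_DEFAULTS}.XXXXXX") || return 1
    if [ -f "$AVAHI_DEFAULTS" ]; then
        # grep exits 1 when no line survives the filter; that is not an error here
        grep -v '^ENABLED_ON_BOOT=' "$AVAHI_DEFAULTS" > "$tmp" || true
    fi
    echo "ENABLED_ON_BOOT=$1" >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$AVAHI_DEFAULTS"
}

# What the proposed enable_browsing helper would do: persist the choice, then
# ask the daemon to reload. The "reload" action name is an assumption.
enable_browsing() {
    set_enabled_on_boot "$1" || return $?
    if [ -x "$AVAHI_INIT" ]; then
        "$AVAHI_INIT" reload
    fi
}
```

The "Forever" checkbox in the dialog maps to `enable_browsing 1`; a session-only start leaves the file untouched, so the next boot still comes up with Avahi inactive.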

Review comments

  • You say that avahi isn't installed at the moment but this question doesn't seem to be addressed. Do you mean (a) avahi will remain not installed by default (ie, this spec only applies to users who ask for it to be installed); (b) avahi will be installed but disabled by default; (c) avahi will be installed on demand somehow (specify). -iwj
  • This spec should mention the word "Rendezvous" (the Apple trademark) somewhere, surely? -iwj
  • Description of the presentation to the user of the security implications is sorely lacking. Is the assumption that users who choose to install avahi know what the security implications are and don't need to be told? -iwj


CategorySpec