[Pidgin] #4157: Ability to Disable UPnP Advertisements
Pidgin
trac at pidgin.im
Thu Nov 29 13:27:55 EST 2007
#4157: Ability to Disable UPnP Advertisements
--------------------------+-------------------------------------------------
Reporter: davidski | Owner:
Type: enhancement | Status: new
Priority: minor | Milestone:
Component: libpurple | Version: 2.3.0
Resolution: | Keywords: upnp
Pending: 0 |
--------------------------+-------------------------------------------------
Comment (by davidski):
No, I'm not at all concerned about trying to stealth Pidgin. :)
I am concerned about applications opening up and making advertisements
without my explicit permission. At no point have I authorized Pidgin to
make a UPnP discovery. From a service minimization standpoint,
unnecessary services should be disabled. In addition to the poor track
record of UPnP implementations in general, the possibility that a rogue
UPnP advertisement could influence Pidgin's behavior without my
authorization is a real concern.
UPnP is not used on any of my networks. While I can disable other
protocols (AIM, ICQ, etc.), UPnP is currently hard coded as active.
Unless the team consideres UPnP as essential a service as DNS (a hard
stretch as many users disable UPnP as a standard hardening step), an
enable/disable option on this would be much appreciated.
--
Ticket URL: <http://developer.pidgin.im/ticket/4157#comment:3>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list