Bug#998197: kdeconnectd: should not listen on all interfaces by default
Control: severity -1 important

Hi Witold,

On Tue, 07 May 2024 02:36:46 + Witold Baryluk wrote:
[...]
> Elevating severity, because it looks like I didn't even install this
> package (I did inspect all apt-get install invocations since system
> creation), and kdeconnect could only be installed due to some
> suggests / recommends, not due to any dependency or direct request.

How the package was installed on your system, I don't know, but as you suspect it was likely a recommendation of another package.

Regarding the issue at hand: I can see why you consider this a problem. But unfortunately, there is no way of changing that behaviour; I suspect the behaviour might be intentional. People have requested this feature upstream (https://bugs.kde.org/show_bug.cgi?id=432378) and even asked for ways to disable kdeconnectd (https://bugs.kde.org/show_bug.cgi?id=417615). The latter bug report could give you ideas how to achieve that.

If this issue poses a serious problem for you, you can remove kdeconnect from your system. That might also give you a hint why it was installed in the first place.

Upstream KDE actually recommends installing kdeconnect as part of the Plasma installation. Whether that recommendation fits Debian's recommendation is yet to be determined, and we might have to see over the recommendation.

However, I do disagree about the severity of this. I don't think that this issue warrants the removal of kdeconnect from Debian and hence, I'm lowering it to important.

--
Kind regards

Patrick Franz
Bug#998197: kdeconnectd: should not listen on all interfaces by default
Package: kdeconnect
Followup-For: Bug #998197
X-Debbugs-Cc: witold.bary...@gmail.com
Control: severity 998197 serious
Control: tags 998197 + security
Bug#998197: kdeconnectd: should not listen on all interfaces by default
Package: kdeconnect
Followup-For: Bug #998197
X-Debbugs-Cc: witold.bary...@gmail.com

severity -1 serious
tags -1 security
thanks

Elevating severity, because it looks like I didn't even install this package (I did inspect all apt-get install invocations since system creation), and kdeconnect could only be installed due to some suggests / recommends, not due to any dependency or direct request.

And as mentioned already before, it autostarts on desktop login, even if one does not use KDE (it autostarts in a normal gnome-shell session, for example). So this is even more dangerous.
Bug#998197: kdeconnectd: should not listen on all interfaces by default
Package: kdeconnect
Version: 21.08.2-1
Severity: normal
File: kdeconnectd
X-Debbugs-Cc: witold.bary...@gmail.com

Dear Maintainer,

I do not use KDE. I use MATE, but do have many kde packages installed via some high level kde packages. I did not install kdeconnect directly.

I did not start any KDE program. Yet, kdeconnectd is running, and listening on port 1716 on all interfaces, including the one on public internet directly.

(I routinely scan my computers from external networks, so this is how I found it out)

root@debian:~# ps aux | grep kdeco
user 3593 0.0 0.0 590196 70460 ? SLl Oct30 0:09 /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
root@debian:~# ss -apn | grep kdeconnect
u_str ESTAB 0 0 * 799 * 11887 users:(("kdeconnectd",pid=3593,fd=7))
u_str ESTAB 0 0 * 797 * 20707 users:(("kdeconnectd",pid=3593,fd=6))
u_str ESTAB 0 0 * 42286 * 17937 users:(("kdeconnectd",pid=3593,fd=13))
u_str ESTAB 0 0 * 5949 * 39446 users:(("kdeconnectd",pid=3593,fd=16))
u_str ESTAB 0 0 * 28882 * 35128 users:(("kdeconnectd",pid=3593,fd=11))
u_str ESTAB 0 0 * 42285 * 795 users:(("kdeconnectd",pid=3593,fd=3))
u_str ESTAB 0 0 * 8474 * 2666 users:(("kdeconnectd",pid=3593,fd=15))
u_str ESTAB 0 0 * 39447 * 11888 users:(("kdeconnectd",pid=3593,fd=17))
u_str ESTAB 0 0 * 39448 * 17952 users:(("kdeconnectd",pid=3593,fd=18))
udp UNCONN 0 0 *:1716 *:* users:(("kdeconnectd",pid=3593,fd=20))
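
Added example, not part of the original report or of kdeconnect: a small audit helper that picks out of `ss -apn` output the TCP/UDP sockets bound to every interface, which is the condition the report describes for port 1716. The names `wildcard_listeners`, `Listener` and `SAMPLE` are made up for this example, and all sample lines except the udp line from the report are constructed.

```python
import re
from typing import NamedTuple

# Local addresses that ss prints for a socket bound to all interfaces.
WILDCARD_HOSTS = {"*", "0.0.0.0", "[::]", "::"}
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

class Listener(NamedTuple):
    proto: str
    port: int
    process: str
    pid: int

def wildcard_listeners(ss_output: str) -> list[Listener]:
    """Return TCP/UDP sockets in `ss -apn` output bound to every interface."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: Netid State Recv-Q Send-Q Local Peer [Process]
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # skips unix sockets such as the u_str lines
        # LISTEN = TCP listener; UNCONN = UDP socket able to receive datagrams.
        if fields[1] not in ("LISTEN", "UNCONN"):
            continue
        host, _, port = fields[4].rpartition(":")
        # An address like 0.0.0.0%eth0 is tied to one device, so it is not flagged.
        if host not in WILDCARD_HOSTS or not port.isdigit():
            continue
        m = PROC_RE.search(line)
        name, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        found.append(Listener(fields[0], int(port), name, pid))
    return found

# Constructed sample: the udp line is the one from the report; the cupsd and
# sshd lines are invented to show what is and is not flagged.
SAMPLE = '''\
u_str ESTAB 0 0 * 799 * 11887 users:(("kdeconnectd",pid=3593,fd=7))
udp UNCONN 0 0 *:1716 *:* users:(("kdeconnectd",pid=3593,fd=20))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=900,fd=7))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=700,fd=4))
tcp ESTAB 0 0 192.0.2.10:22 198.51.100.7:50514 users:(("sshd",pid=1200,fd=4))
'''

if __name__ == "__main__":
    for sock in wildcard_listeners(SAMPLE):
        print(f"{sock.proto}/{sock.port} on all interfaces: {sock.process} (pid {sock.pid})")
```

Run as root against live `ss -apn` output so that process names are shown for sockets owned by other users.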