Bug#998197: kdeconnectd: should not listen on all interfaces by default
Control: severity -1 important Hi Witold, On Tue, 07 May 2024 02:36:46 + Witold Baryluk wrote: [...] > Elevating severity, because it looks like I didn't even installed this > package (I did inspect all apt-get install invokations since system > creation), and it kdeconnect could only be installed due to some > suggests / recommends, not due to any dependency or direct request. How the package was installed on your system, I don't know, but as you suspect it was likely a recommendation of another package. Regarding the issue at hand: I can see why you consider this a problem. But unfortunately, there is no way of changing that behaviour, I suspect the behaviour might be intentional. People have requested this feature upstream (https:// bugs.kde.org/show_bug.cgi?id=432378) and even asked for ways to disable kdeconnectd (https://bugs.kde.org/show_bug.cgi?id=417615). The latter bug report could give you ideas how to achieve that. If this issue poses a serious problem for you, you can remove kdeconnect from your system. That might also give you a hint why it was installed in the first place. Upstream KDE actually recommends installing kdeconnect as part of the Plasma installation. Whether that recommendation fits the Debian's recommendation, is yet to be determined and we might have to see over the recommendation. However, I do disagree about the severity of this. I don't think that this issue warrants the removal of kdeconnect from Debian and hence, I'm lowering it to important. -- Med vänliga hälsningar Patrick Franz
Bug#998197: kdeconnectd: should not listen on all interfaces by default
Package: kdeconnect Followup-For: Bug #998197 X-Debbugs-Cc: witold.bary...@gmail.com Control: severity 998197 serious Control: tags 998197 + security
Bug#998197: kdeconnectd: should not listen on all interfaces by default
Package: kdeconnect Followup-For: Bug #998197 X-Debbugs-Cc: witold.bary...@gmail.com severity -1 serious tags -1 security thanks Elevating severity, because it looks like I didn't even installed this package (I did inspect all apt-get install invokations since system creation), and it kdeconnect could only be installed due to some suggests / recommends, not due to any dependency or direct request. And as mentioned already before. It autostarts on desktop login, even if one does not use KDE (it autostarts in normal gnome-shell session for example). So this is even more dangerous.
Bug#998197: kdeconnectd: should not listen on all interfaces by default
Package: kdeconnect
Version: 21.08.2-1
Severity: normal
File: kdeconnectd
X-Debbugs-Cc: witold.bary...@gmail.com
Dear Maintainer,
I do not use KDE. I use MATE, but do have many kde packages installed via
some high level kde packages. I did not install kdeconnect directly.
I did not start any KDE program.
Yet, kdeconnectd is running, and listening on port 1716 on all
interfaces, including the one on public internet directly. (I routinly
scan my computers from external networks, so this is how I found it out)
root@debian:~# ps aux | grep kdeco
user3593 0.0 0.0 590196 70460 ?SLl Oct30 0:09
/usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
root@debian:~# ss -apn | grep kdeconnect
u_str ESTAB 0 0 * 799
* 11887
users:(("kdeconnectd",pid=3593,fd=7))
u_str ESTAB 0 0 * 797
* 20707
users:(("kdeconnectd",pid=3593,fd=6))
u_str ESTAB 0 0 *
42286 * 17937
users:(("kdeconnectd",pid=3593,fd=13))
u_str ESTAB 0 0 *
5949 * 39446
users:(("kdeconnectd",pid=3593,fd=16))
u_str ESTAB 0 0 *
28882 * 35128
users:(("kdeconnectd",pid=3593,fd=11))
u_str ESTAB 0 0 *
42285 * 795
users:(("kdeconnectd",pid=3593,fd=3))
u_str ESTAB 0 0 *
8474 * 2666
users:(("kdeconnectd",pid=3593,fd=15))
u_str ESTAB 0 0 *
39447 * 11888
users:(("kdeconnectd",pid=3593,fd=17))
u_str ESTAB 0 0 *
39448 * 17952
users:(("kdeconnectd",pid=3593,fd=18))
udp UNCONN 0 0
*:1716 *:*
users:(("kdeconnectd",pid=3593,fd=20))
