On 27.01.20 07:30, Felix Dörre wrote:
> Hi,
>
> I found out, why keepass2 opens TCP ports. However on my system, keepass
> opens two TCP ports:
>
> The older one (that is already reported in this bug report) comes from
> strange behavior in mono itself. I opened a pull request against mono to
> fix it: https://github.com/mono/mono/pull/18583
>
> The newer one that presumable got added in the meantime is an IPC
> implementation that does things like keeping keepass single-instance and
> sending other events to a currently running instance (e.g. triggering
> auto-typing). I consider this feature a security risk and would rather
> not have it in my password manager. I've added a pull request to the
> debian repository to deactivate this feature:
> https://salsa.debian.org/dotnet-team/keepass2/merge_requests/1
>
> With these two changes, keepass2 seems tame now and does not open TCP
> ports anymore on my system.
>
I agree a tcp port for this rather simple usecase is overkill, it could
be replaced with a unix domain socket/fifo in $XDG_RUNTIME_DIR or some
other ipc method.
I would prefer to not hard disable it by commenting the code, but rather
either make it configurable or replace it with a unix domain socket/fifo.
I am sure upstream would also accept such a patch.
