Bug#808408: kdeinit4 starts on a xfce - session
Hi, In data sabato 19 dicembre 2015 21:16:20, Jörg Frings-Fürst ha scritto: > since the last update kdeinit4 starts on a xfce session: The last update of what? kdelibs-bin (which was rebuilt for the libgif SONAME bump)? Other packages? > ps -Af | grep kde > root37 2 0 20:49 ?00:00:00 [kdevtmpfs] > jff 5752 1 0 20:51 ?00:00:00 kdeinit4: kdeinit4 Running... > jff 5757 5752 0 20:51 ?00:00:00 kdeinit4: klauncher [kdeinit] > --fd > jff 5771 1 0 20:51 ?00:00:00 kdeinit4: kded4 [kdeinit] > jff 6708 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6709 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6712 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6714 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6715 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6718 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6719 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6723 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6724 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6727 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6729 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6736 5752 0 20:52 ?00:00:00 > /usr/lib/kde4/libexec/kio_http_cache_cleaner > jff 6760 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6761 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6762 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6764 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6901 5654 0 20:53 pts/200:00:00 grep kde Are you running any application that uses kdelibs 4.x? Can you please paste a complete `ps uxw` output? My guess though lies on kaccessibleapp (based on kdelibs 4.x), #808389. > I think that running unwanted programs on a system is always a security hole. kdeinit4 is an helper tool for kdelibs 4.x applications, not a random script nor anything dangerous. If just running it is a "security hole", then all the KDE4 users (and those using kdelibs 4.x applications outside KDE) would have security holes, which is not the case. > Therefore > I set the severity to critical. While I can understand the "I don't want unwanted applications running", surely it is nothing more than an annoyance. Thanks, -- Pino Toscano signature.asc Description: This is a digitally signed message part.
Bug#808408: kdeinit4 starts on a xfce - session
Hi, is there a justification for the downgrade on the severity to normal? CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key: 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54526 Niederkail Threema: SYR8SJXB IRC: j_...@freenode.net j_...@oftc.net My wish list: - Please send me a picture from the nature at your home. signature.asc Description: This is a digitally signed message part
Bug#808408: kdeinit4 starts on a xfce - session
Hi, supplement: $ ps -Af | grep kde && sudo systemctl stop kdeinit4 root37 2 0 20:49 ?00:00:00 [kdevtmpfs] jff 5752 1 0 20:51 ?00:00:00 kdeinit4: kdeinit4 Running... jff 5757 5752 0 20:51 ?00:00:00 kdeinit4: klauncher [kdeinit] --fd jff 5771 1 0 20:51 ?00:00:00 kdeinit4: kded4 [kdeinit] jff 6708 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6714 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6718 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6723 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6727 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6736 5752 0 20:52 ?00:00:00 /usr/lib/kde4/libexec/kio_http_cache_cleaner jff 7698 1 0 20:55 ?00:00:00 /usr/lib/kde4/libexec/kaccessibleapp jff 15636 5752 0 21:31 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 15684 5654 0 21:33 pts/200:00:00 grep kde Failed to stop kdeinit4.service: Unit kdeinit4.service not loaded. CU Jörg -- New: GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB 30EE 09F8 9F3C 8CA1 D25D GPG key (long) : 09F89F3C8CA1D25D GPG Key: 8CA1D25D CAcert Key S/N : 0E:D4:56 Old pgp Key: BE581B6E (revoked since 2014-12-31). Jörg Frings-Fürst D-54526 Niederkail Threema: SYR8SJXB IRC: j_...@freenode.net j_...@oftc.net My wish list: - Please send me a picture from the nature at your home. signature.asc Description: This is a digitally signed message part
Bug#808408: kdeinit4 starts on a xfce - session
Package: kdelibs-bin Version: 4:4.14.14-1+b1 Severity: critical File: /usr/bin/kdeinit4 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, since the last update kdeinit4 starts on a xfce session: ps -Af | grep kde root37 2 0 20:49 ?00:00:00 [kdevtmpfs] jff 5752 1 0 20:51 ?00:00:00 kdeinit4: kdeinit4 Running... jff 5757 5752 0 20:51 ?00:00:00 kdeinit4: klauncher [kdeinit] - --fd jff 5771 1 0 20:51 ?00:00:00 kdeinit4: kded4 [kdeinit] jff 6708 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6709 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6712 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6714 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6715 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6718 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6719 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6723 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6724 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6727 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] https jff 6729 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6736 5752 0 20:52 ?00:00:00 /usr/lib/kde4/libexec/kio_http_cache_cleaner jff 6760 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6761 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6762 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6764 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit] http jff 6901 5654 0 20:53 pts/200:00:00 grep kde I think that running unwanted programs on a system is always a security hole. Therefore I set the severity to critical. CU Jörg - -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing'), (800, 'unstable'), (500, 'testing-updates'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.2.0-1-amd64 (SMP w/6 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages kdelibs-bin depends on: ii libc6 2.21-4 ii libkdecore5 4:4.14.14-1+b1 ii libkdeui5 4:4.14.14-1+b1 ii libkio5 4:4.14.14-1+b1 ii libkjsapi44:4.14.14-1+b1 ii libkjsembed4 4:4.14.14-1+b1 ii libkrosscore4 4:4.14.14-1+b1 ii libnepomuk4 4:4.14.14-1+b1 ii libnepomukutils4 4:4.14.14-1+b1 ii libqt4-dbus 4:4.8.7+dfsg-5 ii libqt4-xml4:4.8.7+dfsg-5 ii libqtcore44:4.8.7+dfsg-5 ii libqtgui4 4:4.8.7+dfsg-5 ii libsoprano4 2.9.4+dfsg-3+b1 ii libstdc++65.3.1-3 ii libx11-6 2:1.6.3-1 kdelibs-bin recommends no packages. kdelibs-bin suggests no packages. - -- no debconf information -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJWdbsUAAoJEAn4nzyModJdcMsP/0onUGszu4h9+7E4j7rY4caw vKEH8JnYgnpnEe26IB86/ep17ihOZEonI0oWAaZX9EHGJKTV8DBlpYckY5ZY/QrC cqj5+2xmEf3wmL99J9NWvn1UVFggPX/2bZ5wQvqEwHyNAlu4fcOuJtO+cnWi75HD 0wW5PjLp1Dah4HlnJ2KJnV6JhLhPiqOFRP4GIcK+SIofybXBQtJEhzalTrwzoLLH /aakVz3qY0vLDYFV1tZS0+SD3sKJ8ip3L4ij0dIoZwYJvKp4aJ3uw3gOrZ4AyKgk 7uaNezAesX/a2Xdf+9Nno7qLJVS58/9gB6hii2LoAwSLqT4Z6tlIwzL/h79+kbx2 7kVbUAwaXMtBBu33MaOYekmxoMpojlRsTep7Tcoagr8t93lPshsSUn91bL0DduBT oEQ85cqeNoc3wivno44h92jHbJhbcpW2K1+YLaxxOODUaFMJWZ3VDqRgrHQJXqbk KAG8diHSgHf0wrxAuXOk0K1uz/pWEorbVKJbnnf9S+dRzzkDy4kkG7d9ITkGQzl/ CrNYHHJOGiTtNhArs26fyzJf48H6KZlJRhQKSdwa0E2Mai+e8bVTzEbsk6jCcll5 psbBmnDOkVfn4+ImusYpeucQI/+Dx04itbgF0xK59xuxu9T1LtDu1ejJAw6vbeZx ljNUV6f55OBU6y364TG8 =n+EQ -END PGP SIGNATURE-