Ticket #1645 (new defect)
sugar-session opens remote listening ports
|Reported by:||sascha_silbe||Owned by:||erikos|
|Priority:||Unspecified by Maintainer||Milestone:||Unspecified by Release Team|
|Component:||sugar-toolkit||Version:||Git as of bugdate|
sugar-session currently listens on TCP (both IPv4 and IPv6) ports open to anyone (not just localhost). Even though (or arguably especially because) nothing seems to actually read from those sockets, it's bad style to do so.
They seem to get opened in src/sugar/gsm-xsmp.c. The code suggests there's a workaround if Xtrans.h is available, but unfortunately HAVE_X11_XTRANS_XTRANS_H only ever gets checked, but never set.
Given the copyright header (mentioning Novell) I guess this got copied from somewhere (what package? it's not documented in the file). The same source probably has an appropriate autoconf snippet we should copy as well.