Ticket #1645 (new defect)

Opened 3 years ago

Last modified 3 years ago

sugar-session opens remote listening ports

Reported by: sascha_silbe Owned by: erikos
Priority: Unspecified by Maintainer Milestone: Unspecified by Release Team
Component: sugar-toolkit Version: Git as of bugdate
Severity: Unspecified Keywords:
Cc: Distribution/OS: Unspecified
Bug Status: New

Description

sugar-session currently listens on TCP (both IPv4 and IPv6) ports open to anyone (not just localhost). Even though (or arguably especially because) nothing seems to actually read from those sockets, it's bad style to do so.

They seem to get opened in src/sugar/gsm-xsmp.c. The code suggests there's a workaround if Xtrans.h is available, but unfortunately HAVE_X11_XTRANS_XTRANS_H only ever gets checked, but never set.

Given the copyright header (mentioning Novell) I guess this got copied from somewhere (what package? it's not documented in the file). The same source probably has an appropriate autoconf snippet we should copy as well.

Change History

in reply to: ↑ description   Changed 3 years ago by tomeu

Replying to sascha_silbe:


Given the copyright header (mentioning Novell) I guess this got copied from somewhere (what package? it's not documented in the file). The same source probably has an appropriate autoconf snippet we should copy as well.

AFAIK, from  http://git.gnome.org/browse/gnome-session

Note: See TracTickets for help on using tickets.