Bug#805399: Logged every file name in $HOME to syslog
Package: kded5
Version: 5.15.0-1
Severity: important
File: /usr/bin/kded5
Apparently kded5 got restarted automatically (after killing it, see bug
805320). And after that, it decided to send its log output to syslog.
Quite a bit of output — almost 300,000 lines. All of it (according to
journalctl) at priority 4 (warning).
That included, at least, logging lines like the following for every file
in my home directory:
Nov 16 18:22:50 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::toRemoteURL( QUrl("file:///home/anthony/Audio/Monsters_data/b00013.au") )
Nov 16 18:22:50 Zia org.kde.kded5[4940]: log_kioremote: result => KUrl()
Depending on setup, that's already a privacy violation. Even if not,
receiving a 50MB email from logcheck was *not* welcome.
It then went further, and logged all *activity*. E.g., here is after two
emails were delivered:
Nov 17 06:03:25 Zia org.kde.kded5[4940]: ()
Nov 17 06:03:25 Zia org.kde.kded5[4940]: ("/home/anthony/Maildir/new/1447758191.M94023P12683V000000000000FB03I0000000000085B60_0.Zia,S=2252", "/home/anthony/Maildir/new/1447758191.M922165P12691V000000000000FB03I0000000000085B67_0.Zia,S=5625")
Nov 17 06:03:25 Zia org.kde.kded5[4940]: ()
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::FilesChanged
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::toRemoteURL( QUrl("file:///home/anthony/Maildir/new/1447758191.M94023P12683V000000000000FB03I0000000000085B60_0.Zia,S=2252") )
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: result => KUrl()
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::toRemoteURL( QUrl("file:///home/anthony/Maildir/new/1447758191.M922165P12691V000000000000FB03I0000000000085B67_0.Zia,S=5625") )
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: result => KUrl()
Again, a privacy violation.
It also seems to log every hotkey executed. E.g., I used my xterm
hotkey, and this hit syslog:
Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-shorturi: "xterm"
Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-shorturi: path = "xterm" isLocalFullPath= false exists= false url= QUrl("xterm")
Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-ikws: "xterm" : QUrl("file:xterm") , type = 3
Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-ikws: "xterm"
It appears kded5 is built with a *lot* of debug output turned on—that
really ought not happen without e.g., some --debug option. And remember,
it's currently all at warning priority, not debug.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (150, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages kded5 depends on:
ii libc6 2.19-22
ii libkf5configcore5 5.15.0-1
ii libkf5coreaddons5 5.15.0-1
ii libkf5crash5 5.15.0-1
ii libkf5dbusaddons5 5.15.0-1
ii libkf5service-bin 5.15.0+-1
ii libkf5service5 5.15.0+-1
ii libqt5core5a 5.5.1+dfsg-6
ii libqt5dbus5 5.5.1+dfsg-6
ii libqt5gui5 5.5.1+dfsg-6
ii libqt5widgets5 5.5.1+dfsg-6
ii libstdc++6 5.2.1-23
kded5 recommends no packages.
kded5 suggests no packages.
-- no debconf information
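
An added example, not part of the original report and not code from kded5 or Debian: a small Python audit pass that counts kded5 lines in syslog-format text and extracts the home-directory paths they expose, which is the privacy concern raised above. The sample lines are constructed to mirror the formats quoted in the report; the host name, user name, file names and function names are assumptions.

```python
import re
from collections import Counter

# Syslog prefix as quoted in the report: "Nov 16 18:22:50 Zia org.kde.kded5[4940]: <msg>"
LINE_RE = re.compile(r'^\w{3}\s+\d+ [\d:]{8} \S+ org\.kde\.kded5\[\d+\]: (?P<msg>.*)$')
# Quoted paths under /home, either bare or wrapped in a file:// URL.
PATH_RE = re.compile(r'"(?:file://)?(/home/[^"]+)"')
# Logging category prefix, e.g. "log_kioremote: " or "org.kde.kurifilter-shorturi: ".
CAT_RE = re.compile(r'^([\w.-]+): ')

def audit(lines):
    """Return (kded5 line count, per-category counts, set of exposed /home paths)."""
    total, cats, paths = 0, Counter(), set()
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not a kded5 line
        total += 1
        msg = m.group("msg")
        cat = CAT_RE.match(msg)
        cats[cat.group(1) if cat else "(none)"] += 1
        paths.update(PATH_RE.findall(msg))
    return total, cats, paths

# Constructed sample input (not real log data).
SAMPLE = [
    'Nov 16 18:22:50 host org.kde.kded5[4940]: log_kioremote: '
    'RemoteDirNotify::toRemoteURL( QUrl("file:///home/user/Audio/track.au") )',
    'Nov 16 18:22:50 host org.kde.kded5[4940]: log_kioremote: result => KUrl()',
    'Nov 17 06:03:25 host org.kde.kded5[4940]: '
    '("/home/user/Maildir/new/msg1", "/home/user/Maildir/new/msg2")',
    'Nov 17 13:01:55 host org.kde.kded5[4940]: org.kde.kurifilter-shorturi: "xterm"',
    'Nov 17 13:02:00 host sshd[100]: unrelated line',
]

if __name__ == "__main__":
    total, cats, paths = audit(SAMPLE)
    print(f"kded5 lines: {total}, distinct /home paths exposed: {len(paths)}")
    for name, count in cats.most_common():
        print(f"  {count:6d}  {name}")
```
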