[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#805399: Logged every file name in $HOME to syslog

Package: kded5
Version: 5.15.0-1
Severity: important
File: /usr/bin/kded5

Apparently kded5 got restarted automatically (after killing it, see bug
805320). And after that, it decided to send its log output to syslog.

Quite a bit of output — almost 300,000 lines. All of it at (according to
journalctl) at priority 4 (warning).

That included, at least, logging lines like the following for every file
in my home directory:

Nov 16 18:22:50 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::toRemoteURL( QUrl("file:///home/anthony/Audio/Monsters_data/b00013.au") )
Nov 16 18:22:50 Zia org.kde.kded5[4940]: log_kioremote: result => KUrl()

Depending on setup, that's already a privacy violation. Even if not,
receiving a 50MB email from logcheck was *not* welcome.

It then went further, and logged all *activity*. E.g., here is after two
emails were delivered:

Nov 17 06:03:25 Zia org.kde.kded5[4940]: ()
Nov 17 06:03:25 Zia org.kde.kded5[4940]: ("/home/anthony/Maildir/new/1447758191.M94023P12683V000000000000FB03I0000000000085B60_0.Zia,S=2252", "/home/anthony/Maildir/new/1447758191.M922165P12691V000000000000FB03I0000000000085B67_0.Zia,S=5625")
Nov 17 06:03:25 Zia org.kde.kded5[4940]: ()
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::FilesChanged
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::toRemoteURL( QUrl("file:///home/anthony/Maildir/new/1447758191.M94023P12683V000000000000FB03I0000000000085B60_0.Zia,S=2252") )
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: result => KUrl()
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: RemoteDirNotify::toRemoteURL( QUrl("file:///home/anthony/Maildir/new/1447758191.M922165P12691V000000000000FB03I0000000000085B67_0.Zia,S=5625") )
Nov 17 06:03:25 Zia org.kde.kded5[4940]: log_kioremote: result => KUrl()

Again, a privacy violation.

It also seems to log every hotkey executed. E.g., I used my xterm
hotkey, and this hit syslog:

Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-shorturi: "xterm"
Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-shorturi: path = "xterm"  isLocalFullPath= false  exists= false  url= QUrl("xterm")
Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-ikws: "xterm" : QUrl("file:xterm") , type = 3
Nov 17 13:01:55 Zia org.kde.kded5[4940]: org.kde.kurifilter-ikws: "xterm"

It appears kded5 is built with a *lot* of debug output turned on—that
really ought not happen without e.g., some --debug option. And remember,
it's currently all at warning priority, not debug.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (150, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kded5 depends on:
ii  libc6              2.19-22
ii  libkf5configcore5  5.15.0-1
ii  libkf5coreaddons5  5.15.0-1
ii  libkf5crash5       5.15.0-1
ii  libkf5dbusaddons5  5.15.0-1
ii  libkf5service-bin  5.15.0+-1
ii  libkf5service5     5.15.0+-1
ii  libqt5core5a       5.5.1+dfsg-6
ii  libqt5dbus5        5.5.1+dfsg-6
ii  libqt5gui5         5.5.1+dfsg-6
ii  libqt5widgets5     5.5.1+dfsg-6
ii  libstdc++6         5.2.1-23

kded5 recommends no packages.

kded5 suggests no packages.

-- no debconf information
Reply to: