Hi, In data sabato 19 dicembre 2015 21:16:20, Jörg Frings-Fürst ha scritto: > since the last update kdeinit4 starts on a xfce session: The last update of what? kdelibs-bin (which was rebuilt for the libgif SONAME bump)? Other packages? > ps -Af | grep kde > root 37 2 0 20:49 ? 00:00:00 [kdevtmpfs] > jff 5752 1 0 20:51 ? 00:00:00 kdeinit4: kdeinit4 Running... > jff 5757 5752 0 20:51 ? 00:00:00 kdeinit4: klauncher [kdeinit] > --fd > jff 5771 1 0 20:51 ? 00:00:00 kdeinit4: kded4 [kdeinit] > jff 6708 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6709 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6712 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6714 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6715 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6718 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6719 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6723 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6724 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6727 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > https > jff 6729 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6736 5752 0 20:52 ? 00:00:00 > /usr/lib/kde4/libexec/kio_http_cache_cleaner > jff 6760 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6761 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6762 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6764 5752 0 20:52 ? 00:00:00 kdeinit4: kio_http [kdeinit] > http > jff 6901 5654 0 20:53 pts/2 00:00:00 grep kde Are you running any application that uses kdelibs 4.x? Can you please paste a complete `ps uxw` output? My guess though lies on kaccessibleapp (based on kdelibs 4.x), #808389. > I think that running unwanted programs on a system is always a security hole. kdeinit4 is an helper tool for kdelibs 4.x applications, not a random script nor anything dangerous. If just running it is a "security hole", then all the KDE4 users (and those using kdelibs 4.x applications outside KDE) would have security holes, which is not the case. > Therefore > I set the severity to critical. While I can understand the "I don't want unwanted applications running", surely it is nothing more than an annoyance. Thanks, -- Pino Toscano
Attachment:
signature.asc
Description: This is a digitally signed message part.