Bug#998197: kdeconnectd: should not listen on all interfaces by default

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#998197: kdeconnectd: should not listen on all interfaces by default
From: Witold Baryluk <witold.baryluk@gmail.com>
Date: Sun, 31 Oct 2021 21:00:23 +0000
Message-id: <[🔎] 163571402324.393172.13833457620917441689.reportbug@localhost>
Reply-to: Witold Baryluk <witold.baryluk@gmail.com>, 998197@bugs.debian.org
Package: kdeconnect
Version: 21.08.2-1
Severity: normal
File: kdeconnectd
X-Debbugs-Cc: witold.baryluk@gmail.com

Dear Maintainer,

I do not use KDE. I use MATE, but do have many kde packages installed via
some high level kde packages. I did not install kdeconnect directly.

I did not start any KDE program.

Yet, kdeconnectd is running, and listening on port 1716 on all
interfaces, including the one on public internet directly. (I routinly
scan my computers from external networks, so this is how I found it out)

root@debian:~# ps aux | grep kdeco
user        3593  0.0  0.0 590196 70460 ?        SLl  Oct30   0:09 /usr/lib/x86_64-linux-gnu/libexec/kdeconnectd


root@debian:~# ss -apn | grep kdeconnect
u_str ESTAB      0      0                                                 * 799                                                * 11887   users:(("kdeconnectd",pid=3593,fd=7))                                                                                                                                                                                                                                                                
u_str ESTAB      0      0                                                 * 797                                                * 20707   users:(("kdeconnectd",pid=3593,fd=6))                                                                                                                                                                                                                                                                
u_str ESTAB      0      0                                                 * 42286                                              * 17937   users:(("kdeconnectd",pid=3593,fd=13))                                                                                                                                                                                                                                                               
u_str ESTAB      0      0                                                 * 5949                                               * 39446   users:(("kdeconnectd",pid=3593,fd=16))                                                                                                                                                                                                                                                               
u_str ESTAB      0      0                                                 * 28882                                              * 35128   users:(("kdeconnectd",pid=3593,fd=11))                                                                                                                                                                                                                                                               
u_str ESTAB      0      0                                                 * 42285                                              * 795     users:(("kdeconnectd",pid=3593,fd=3))                                                                                                                                                                                                                                                                
u_str ESTAB      0      0                                                 * 8474                                               * 2666    users:(("kdeconnectd",pid=3593,fd=15))                                                                                                                                                                                                                                                               
u_str ESTAB      0      0                                                 * 39447                                              * 11888   users:(("kdeconnectd",pid=3593,fd=17))                                                                                                                                                                                                                                                               
u_str ESTAB      0      0                                                 * 39448                                              * 17952   users:(("kdeconnectd",pid=3593,fd=18))                                                                                                                                                                                                                                                               
udp   UNCONN     0      0                                                 *:1716                                               *:*       users:(("kdeconnectd",pid=3593,fd=20))                                                                                                                                                                                                                                                               
tcp   LISTEN     0      50                                                *:1716                                               *:*       users:(("kdeconnectd",pid=3593,fd=21))      





Looking at kde connect, it looks like a cool project, but maybe some form
of explicit confirmation, or starting it first should be required, before
it activates like that?

I might be ok with ssh or http server doing this, but I do not think it
is good idea to do so by most other packages just by mere fact of
installing them, but not configuring them.

kdeconnect and nftlb are really the only two packages (out of 9013 on my
system) doing this, when they probably should not.

Regards,
Witold


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-rc7 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kdeconnect depends on:
ii  fuse3                                    3.10.5-1
ii  kio                                      5.86.0-1
ii  kpeople-vcard                            0.1-2
ii  libc6                                    2.32-4
ii  libfakekey0                              0.3+git20170516-2
ii  libkf5configcore5                        5.86.0-1
ii  libkf5configwidgets5                     5.86.0-1
ii  libkf5coreaddons5                        5.86.0-1
ii  libkf5dbusaddons5                        5.86.0-1
ii  libkf5i18n5                              5.86.0-1
ii  libkf5iconthemes5                        5.86.0-1
ii  libkf5kcmutils5                          5.86.0-1
ii  libkf5kiocore5                           5.86.0-1
ii  libkf5kiofilewidgets5                    5.86.0-1
ii  libkf5kiogui5                            5.86.0-1
ii  libkf5kiowidgets5                        5.86.0-1
ii  libkf5notifications5                     5.86.0-1
ii  libkf5people5                            5.86.0-1
ii  libkf5pulseaudioqt3                      1.3-2
ii  libkf5service-bin                        5.86.0-1
ii  libkf5service5                           5.86.0-1
ii  libkf5solid5                             5.86.0-1
ii  libkf5waylandclient5                     4:5.86.0-1
ii  libkf5widgetsaddons5                     5.86.0-1
ii  libkf5windowsystem5                      5.86.0-1
ii  libqca-qt5-2                             2.3.4-1
ii  libqca-qt5-2-plugins                     2.3.4-1
ii  libqt5core5a                             5.15.2+dfsg-12
ii  libqt5dbus5                              5.15.2+dfsg-12
ii  libqt5gui5                               5.15.2+dfsg-12
ii  libqt5multimedia5                        5.15.2-3
ii  libqt5network5                           5.15.2+dfsg-12
ii  libqt5qml5                               5.15.2+dfsg-8
ii  libqt5quick5                             5.15.2+dfsg-8
ii  libqt5quickcontrols2-5                   5.15.2+dfsg-4
ii  libqt5waylandclient5                     5.15.2-4
ii  libqt5widgets5                           5.15.2+dfsg-12
ii  libqt5x11extras5                         5.15.2-2
ii  libstdc++6                               11.2.0-10
ii  libwayland-client0                       1.19.0-2+b1
ii  libx11-6                                 2:1.7.2-2+b1
ii  libxtst6                                 2:1.2.3-1
ii  plasma-framework                         5.86.0-1
ii  qml-module-org-kde-kirigami2             5.86.0-1
ii  qml-module-org-kde-kquickcontrolsaddons  5.86.0-1
ii  qml-module-org-kde-people                5.86.0-1
ii  qml-module-qt-labs-platform              5.15.2+dfsg-4
ii  qml-module-qtgraphicaleffects            5.15.2-2
ii  qml-module-qtmultimedia                  5.15.2-3
ii  qml-module-qtqml                         5.15.2+dfsg-8
ii  qml-module-qtquick-controls2             5.15.2+dfsg-4
ii  qml-module-qtquick-dialogs               5.15.2-2
ii  qml-module-qtquick-layouts               5.15.2+dfsg-8
ii  qml-module-qtquick-particles2            5.15.2+dfsg-8
ii  qml-module-qtquick-window2               5.15.2+dfsg-8
ii  qml-module-qtquick2                      5.15.2+dfsg-8
ii  sshfs                                    3.7.1+repack-2

kdeconnect recommends no packages.

kdeconnect suggests no packages.

-- no debconf information
Reply to:
Prev by Date: kirigami-addons_0.2-1_amd64.changes REJECTED
Next by Date: Bug#998203: yakuake's icon does not come in mate notification area
Previous by thread: kirigami-addons_0.2-1_amd64.changes REJECTED
Next by thread: Bug#998203: yakuake's icon does not come in mate notification area
Index(es):
- Date
- Thread