Ubuntu
gnome-control-center package

RDP Sharing appears on by default in jammy

Bug #1969619 reported by Jeremy Bícha
54
This bug affects 12 people
Affects Status Importance Assigned to Milestone
Release Notes for Ubuntu
Fix Released
Undecided
Unassigned
gnome-control-center
Fix Released
Unknown
gnome-control-center (Ubuntu)
Fix Released
High
Unassigned
Ubuntu ubuntu-22.04.1
Jammy
Fix Released
High
Unassigned
Ubuntu ubuntu-22.04.1

Bug Description

Impact
======
1. It looks like RDP Sharing is turned on but it is not.
2. To actually turn on RDP Sharing, you would need to turn it off then turn it on.

This bugfix fixes it so that it correctly shown as off by default and turning it on works.

Test Case
=========
0. Start with a clean Ubuntu 22.04 install.
Or you can create a new user and log in as the new user.
1. Open the Settings app.
2. In the left sidebar, click Sharing. The switch at the top of the page needs to be off.
3. Turn the switch on. Then click Remote Desktop and turn it on.
4. Close the Settings app.
5. Open the Settings app and verify that Sharing is on and Remote Desktop is on.
6. Close the Settings app.
7. From a terminal, run
systemctl --user status gnome-remote-sharing.service

It should show the service as active (running) and
a line at the bottom should say RDP server started
8. Then run
systemctl --user stop gnome-remote-sharing.service
9. Open the Settings app. It should show that Remote Desktop sharing is off.
10. Turn on Sharing and turn on Remote Desktop sharing.
11. Run
systemctl --user status gnome-remote-sharing.service

It should show the service as active (running) and
a line at the bottom should say RDP server started

What Could Go Wrong
===================
This is a minimal fix proposed upstream.
The original implementation was insufficient.
The bugfix will allow Remote Desktop to be turned on and work correctly from the beginning.

More Details
============
To simplify this bug report, I removed a lot of troubleshooting details that can still be seen with the "See full activity log" link

Just opening the Sharing panel flips the gsettings key org.gnome.desktop.remote-desktop.rdp enable to true
and apparently tries to start RDP sharing. RDP sharing doesn't work because the TLS keys weren't set yet.

See original description
Jeremy Bícha (jbicha)
description: updated
Jeremy Bícha (jbicha)
description: updated
Jeremy Bícha (jbicha)
Changed in gnome-remote-desktop (Ubuntu Jammy):
status: New → Triaged
importance: Undecided → High
affects: gnome-control-center → gnome-remote-desktop
description: updated
Jeremy Bícha (jbicha)
no longer affects: gnome-remote-desktop (Ubuntu)
affects: gnome-remote-desktop → gnome-control-center
no longer affects: gnome-remote-desktop (Ubuntu Jammy)
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Thank you for filling in the bug! So from what I understand here, this means that sharing is disabled until someone opens the sharing screen in the gnome-control-center, right? I agree with the 'High' priority here in that case, but it's certainly not a 22.04 release blocker - however, the fix for that should be prepared ASAP and uploaded as a 0-day SRU, if possible. Actually, I even think maybe it should go through the security pocket, as at least to me this seems like a violation of our security policies by enabling RDP without the users knowledge. This way all the users would get this update as well via unattended updates.

Could we get some input from the security team? What do you think?

Łukasz Zemczak (sil2100)
Changed in gnome-control-center (Ubuntu Jammy):
milestone: none → ubuntu-22.04.1
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I think this is a bit more nefarious.

On an installed system, all you have to do to have port 3389/tcp suddenly open is to *visit* the "share" tab in the settings. No need to change a thing, just visit it, then close the window. Boom, you have rdp desktop sharing running. At least it's a random password (I think: it's not the local account password).

Jeremy Bícha (jbicha)
Changed in gnome-control-center (Ubuntu Jammy):
status: Triaged → In Progress
Revision history for this message
Jeremy Bícha (jbicha) wrote :

Łukasz,

Yes, just opening the Sharing panel with gnome-control-center 1:41.4-1ubuntu12 is enough to attempt to start the RDP service.
systemctl --user status gnome-remote-desktop reports this error:

RDP TLS certificate and key not configured properly

I didn't check open ports but it makes sense that it would open the RDP port even though the RDP service isn't completely working.

description: updated
Jeremy Bícha (jbicha)
description: updated
Revision history for this message
Steve Beattie (sbeattie) wrote :

Hi, yes, from the Ubuntu Security team's perspective, this should go to the security pocket.

Brian Murray (brian-murray)
Changed in ubuntu-release-notes:
status: New → Fix Released
Jeremy Bícha (jbicha)
Changed in gnome-control-center (Ubuntu Jammy):
status: In Progress → Fix Committed
Jeremy Bícha (jbicha)
tags: added: verification-done verification-done-jammy
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

As agreed previously, releasing this early and through the -security pocket as well.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-control-center - 1:41.4-1ubuntu13

---------------
gnome-control-center (1:41.4-1ubuntu13) jammy; urgency=medium

  * Add patch to fix RDP Sharing on switch (LP: #1969619)

 -- Jeremy Bicha <email address hidden> Wed, 20 Apr 2022 15:02:15 -0400

Changed in gnome-control-center (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for gnome-control-center has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Pascal Nowack (pnowack) wrote :

While the fix here is correct, the assumptions in this issue are wrong. I wrote an explanation of this issue in https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1970039/comments/7.

Bug Watch Updater (bug-watch-updater)
Changed in gnome-control-center:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.