vino establishes a HTTP connection to check connectivity
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vino (Ubuntu) |
Fix Released
|
High
|
Mathieu Trudel-Lapierre | ||
Precise |
Fix Released
|
High
|
Unassigned |
Bug Description
Binary package hint: vino
[Impact]
Vino currently sends HTTP requests to external webservices in order to attempt to determine outside reachability of the remote desktop service. Such tests were intended to display a result to the user, but the message update was disabled upstream (and has been for a little while). Unfortunately, the request to the webservices were not fully disabled, which may lead users to believe there are security issues with vino from the unwanted, unexplained traffic.
The proposed patch fixes the issue by completely disabling the webservices connectivity checks.
[Test Case]
1) Start tcpdump (preferably on a system that hasn't a browser open at the time):
sudo tcpdump -i any tcp port 80
2) Start vino-preferences
3) Observe that there is:
a) with the original package: traffic being sent/received from kamotini.
b) with the proposed package: no traffic being sent/received.
[Regression Potential]
Minimal to non-existent. Removing a feature that is not currently user-visible, already partially disabled (i.e. totally disabled in the UI). The connectivity check in its current form remains because it was not completely disabled in UI, just the resulting message update was. (The test is done but the result is only used to be shown to the user, except that UI update was dropped upstream).
===
When enabling the VNC server in System → Preferences → Remote Desktop, Vino establishes an HTTP connect to an external website to check if connectivity is able:
[pid 5841] connect(17, {sa_family=AF_INET, sin_port=htons(80), sin_addr=
http://
- http://
Appears to establish the connection. This is sub-optimal and something such as querying NetworkManager over D-Bus should be used instead.
Changed in vino (Ubuntu): | |
assignee: | nobody → Mathieu Trudel-Lapierre (mathieu-tl) |
description: | updated |
Thanks for opening this bug, but how exactly would NetworkManager know if an _incoming_ port is open or not?