vino http server binds to external interfaces despite local_only configuration

Bug #984093 reported by andornaut on 2012-04-17
34
This bug affects 5 people
Affects Status Importance Assigned to Milestone
vino
Fix Released
Medium
vino (Ubuntu)
Low
Unassigned

Bug Description

Environment:

Debian Wheezy
Vino 3.2.2-1+b1

Vino is configured for local access only via:

gconftool-2 --set /desktop/gnome/remote_access/local_only --type bool true

Vino's vnc server is only listening on localhost:5900 and no other interfaces - as expected.

Vino's http server, though, is listening on all interfaces, despite the local_only configuration. The expected behaviour would be for all vino services, including the http server, to only bind to the localhost interface when configured accordingly.

Sebastien Bacher (seb128) wrote :

Thank you for your bug report, that's the Ubuntu bug tracker you are using and not the Debian one though, is that an issue as well in the current Ubuntu version?

Changed in vino (Ubuntu):
status: New → Triaged
importance: Undecided → Low
status: Triaged → Incomplete
andornaut (andornaut) wrote :

I mistakenly filed this bug with Ubuntu, when it would be more appropriate to file it with Debian or with Gnome (which I've also done). I cannot say whether this bug occurs with the current Ubuntu release, though I'd suspect that it does.

Sebastien Bacher (seb128) wrote :

thanks, let's see what upstream says

Changed in vino (Ubuntu):
status: Incomplete → Triaged
Changed in vino:
importance: Unknown → Medium
status: Unknown → New
Mihai Capotă (mihaic) wrote :

As far as I know, the HTTP server is Vino is not used in Ubuntu. So as a workaround, the HTTP server can be disabled by passing the --disable-http-server flag during configuration.

The attachment "Patch for debian/rules to disable HTTP server" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Jamie Strandboge (jdstrand) wrote :

Thanks for the patch! I'm uncomfortable ACKing this patch without more supporting information that it disabling it won't break people. I think the proper thing to do is continue to wait on upstream's response. It would probably make the process go quicker if a patch was submitted upstream that fixed the buggy behavior.

Unsubscribing ubuntu-sponsors for now. If you'd like to have a patch applied to Ubuntu, please link to a bzr branch or supply a debdiff (see https://wiki.ubuntu.com/SponsorshipProcess for details).

Thanks again.

Changed in vino:
status: New → Fix Released
Phill (phill.l) wrote :

Current situation on 14.04 LTS is the port 5800 is still open and currently responds to HTTP requests with:

<html><head><title>File Not Found</title></head>
<body><h1>File Not Found</h1></body></html>

Verified this was vino by killing it to see the port closed. Verified on a remote machine. In my testing I used the instructions in https://help.ubuntu.com/community/VNC/Servers were followed to allow only local connections.

Changed in vino (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vino - 3.8.1-0ubuntu7

---------------
vino (3.8.1-0ubuntu7) xenial; urgency=medium

  * debian/patches/git_struct_init.patch:
    - "Be more careful with memory allocation", should fix some of the
      segfault issues reports (lp: #987287)
  * debian/patches/git_small_bugfixes.patch:
    - backport some easy bugfixes
  * debian/patches/git_no_http_server.patch:
    - remove http server, it's not used and listen on interfaces for no
      reason (lp: #984093)

 -- Sebastien Bacher <email address hidden> Fri, 20 Nov 2015 16:51:19 +0100

Changed in vino (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.