https://bugs.kde.org/show_bug.cgi?id=515737
Bug ID: 515737
Summary: Unable to (increase security) bind krdpserver to specific interfaces / IP addresses (E.G. 'localhost' for SSH required access)
Classification: Applications
Product: systemsettings
Version First Reported In: 6.5.5
Platform: Arch Linux
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: kcm_krdpserver
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Target Milestone: ---
This is a bit of a security bug, since enabling krdpserver via System Settings
results in a system with exposed network login. This is greatly reduced security
relative to the option of exposing such a service only to users who have
already used OTHER mechanisms to reach the computer in a more strongly
authenticated fashion. Examples include SSH keys, TLS certified clients, etc.
Unable to bind krdpserver to specific interfaces / IP addresses (E.G.
'localhost' for SSH required access).
This is a regression compared to the security model of running a vnc server to
share an existing X session, but binding that to localhost and utilizing both
the strong security tunnel and authentication mechanisms afforded there with an
access passphrase.
Operating System: Arch Linux
KDE Plasma Version: 6.5.5
KDE Frameworks Version: 6.22.0
Qt Version: 6.10.2
Kernel Version: 6.18.7-arch1-1 (64-bit)
Graphics Platform: Wayland
Expected result:
In addition to allow-listing users who can log in over RDP:
Allow-list interfaces (default to every IP it has)
Allow-list specific IPs / possibly 'match these IP ranges' (/32 and /128 would
be single host -- on a wildcard or specific interface)
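
Added example (not part of the original report and not krdpserver code): a sketch of the allow-list semantics requested under "Expected result", deciding per connection from the local address it arrived on and the peer address. ListenerPolicy, its parameters and every address below are hypothetical or constructed; an empty bind list is assumed to mean "every interface", matching the requested default.

```python
import ipaddress


def _normalize(addr: str):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    A dual-stack wildcard socket reports IPv4 peers in the mapped form, so
    without this step an IPv4 allow-list entry would never match them.
    """
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop a zone id such as %eth0
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


class ListenerPolicy:
    """Hypothetical policy: which local addresses accept, which peers may connect."""

    def __init__(self, bind_addrs, peer_ranges):
        # Empty bind_addrs is assumed to mean "accept on every local address".
        self.bind_addrs = {_normalize(a) for a in bind_addrs}
        # strict=True rejects entries with host bits set (e.g. 192.0.2.5/24),
        # so a typo cannot silently widen a single-host rule into a subnet.
        self.peer_nets = [ipaddress.ip_network(r, strict=True) for r in peer_ranges]

    def allows(self, local_addr: str, peer_addr: str) -> bool:
        local, peer = _normalize(local_addr), _normalize(peer_addr)
        if self.bind_addrs and local not in self.bind_addrs:
            return False  # arrived on an interface address that is not allow-listed
        # Only compare a peer against ranges of the same IP version.
        return any(peer.version == net.version and peer in net
                   for net in self.peer_nets)


# Loopback-only policy: reachable only through a local tunnel such as SSH forwarding.
LOOPBACK_ONLY = ListenerPolicy(["127.0.0.1", "::1"], ["127.0.0.0/8", "::1/128"])

# Any interface, but only two single hosts (/32 and /128), using documentation ranges.
SINGLE_HOSTS = ListenerPolicy([], ["192.0.2.5/32", "2001:db8::5/128"])

if __name__ == "__main__":
    print(LOOPBACK_ONLY.allows("127.0.0.1", "127.0.0.1"))        # tunnelled connection
    print(LOOPBACK_ONLY.allows("192.168.1.10", "192.168.1.50"))  # direct LAN connection
    print(SINGLE_HOSTS.allows("192.0.2.1", "::ffff:192.0.2.5"))  # IPv4-mapped peer
```

Filtering peers after accept() still leaves the port visible on every interface; binding the listening socket to the allow-listed addresses is what removes that exposure.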