https://bugs.kde.org/show_bug.cgi?id=433142
Bug ID: 433142
Summary: Improvement for installer component needed
Product: kdeconnect
Version: 1.4
Platform: Microsoft Windows
OS: Microsoft Windows
Status: REPORTED
Severity: normal
Priority: NOR
Component: common
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
The UWP Installer (sideload.appx) should be improved to avoid leaving firewall
rules within replaced windows installations.
As the installer itself doesn't setup firewall rules, windows will as it
detects properly UWP apps requireing network access. Windows itself asks the
user to setup a firewall rule for this application.
This causes for users which often updates the kdeconnect application constantly
4 no more used firewall rules.
Along with the design of Windows Firewall which offer the possibility to
identify an application simply by its name and installation path for a certain
firewall rule, this can cause issues.
Leaving this firewall rules would leave possibly a security hole were as evil
individuums can try to prepare their own kdeconnect app from the souces along
with maliscious code and try bring a user to download and install this app
along with the same file name would allow the individuum to hide required
internet access as windows doesn't ask anymore for setting up rules.
STEPS TO REPRODUCE
1. Install latest version.
2. Open Windows Firewall control
3. check set up rules for kdeconnect
OBSERVED RESULT
the former installation left a firewall rule identified by the name of the
appliaction and the installation path
EXPECTED RESULT
the UWP installer deleted old unused firewall rules
SOFTWARE/OS VERSIONS
Windows: 10
macOS:
Linux/KDE Plasma:
(available in About System)
KDE Plasma Version:
KDE Frameworks Version:
Qt Version:
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
