** Description changed:
Binary package hint: vino
- When enabling the VNC server in System → Preferences → Remote Desktop,
- Vino establishes an HTTP connect to an external website to check if
- connectivity is able:
+ [Impact]
+ Vino currently sends HTTP requests to external webservices in order to
attempt to determine outside reachability of the remote desktop service. Such
tests were intended to display a result to the user, but the message update was
disabled upstream (and has been for a little while). Unfortunately, the request
to the webservices were not fully disabled, which may lead users to believe
there are security issues with vino from the unwanted, unexplained traffic.
+
+ The proposed patch fixes the issue by completely disabling the
+ webservices connectivity checks.
+
+ [Test Case]
+ 1) Start tcpdump (preferably on a system that hasn't a browser open at the
time):
+ sudo tcpdump -i any tcp port 80
+ 2) Start vino-preferences
+ 3) Observe that there is:
+ a) with the original package: traffic being sent/received from
kamotini.kinghost.net or another such web service.
+ b) with the proposed package: no traffic being sent/received.
+
+ [Regression Potential]
+ Minimal to non-existent. Removing a feature that is not currently
user-visible, already partially disabled (i.e. totally disabled in the UI). The
connectivity check in its current form remains because it was not completely
disabled in UI, just the resulting message update was. (The test is done but
the result is only used to be shown to the user, except that UI update was
dropped upstream).
+
+ ===
+ When enabling the VNC server in System → Preferences → Remote Desktop, Vino
establishes an HTTP connect to an external website to check if connectivity is
able:
[pid 5841] connect(17, {sa_family=AF_INET, sin_port=htons(80),
sin_addr=inet_addr("189.38.80.51")}, 16) = -1 EINPROGRESS (Operation now
in progress)
http://git.gnome.org/browse/vino/tree/capplet/webservices - defines the
URLs to use to check connectivity while:
- http://git.gnome.org/browse/vino/tree/capplet/vino-url-webservice.c
Appears to establish the connection. This is sub-optimal and something
such as querying NetworkManager over D-Bus should be used instead.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/608701
Title:
vino establishes a HTTP connection to check connectivity
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vino/+bug/608701/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
