Bug 154243

Summary: ksmserver listens on all interfaces per default
Product: [Unmaintained] ksmserver Reporter: Martin Ammermüller <tenco>
Component: generalAssignee: Lubos Lunak <l.lunak>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Martin Ammermüller 2007-12-17 18:58:05 UTC 
Version:            (using KDE Devel)
Installed from:    Compiled sources
OS:                Linux

Output of netstat -tulpen:
-----------
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:53062           0.0.0.0:*               LISTEN      1000       55894       22975/ksmserver
tcp6       0      0 :::58727                :::*                    LISTEN      1000       55893       22975/ksmserver
------------

I think this is a dangerous default setting and a security threat. Sensible default setting should be to only listen on loopback/127.0.0.1
Comment 1 Martin Ammermüller 2008-03-13 11:08:30 UTC 
Still the case with 4.0.2.
Comment 2 Lubos Lunak 2008-03-18 16:36:05 UTC 
The ICE protocol uses authorization, so how exactly is this supposed to be a security threat?
Comment 3 Lubos Lunak 2008-05-02 14:19:22 UTC 
SVN commit 803253 by lunakl:

Add a missing configure check for _IceTransNoListen.
BUG: 154243



 M  +2 -0      CMakeLists.txt  


WebSVN link: http://websvn.kde.org/?view=rev&revision=803253