Bug 23253

Summary: KDE has started listening on a TCP port
Product: [Retired] Red Hat Linux Reporter: Chris Evans <chris>
Component: kdebaseAssignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED RAWHIDE QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: dr
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard: Florence Beta-3
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-02-28 19:46:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Evans 2001-01-03 22:21:58 UTC 
This is a full RH7.1beta1 install. No tweaks.

I fired up the KDE2 desktop. Unfortunately, using "netstat -ao", this
exposed a KDE2 listening socket in the default config!!

The guilty process was "kdeinit".

If possible this listening socket should be slayed mercilessly. We've
only just managed to get GNOME tcp-socket free by default, it would
be nice to keep KDE in this state too.

Note that this is a regression from RH7.0, which used KDE1.1, which
did not have this problem.
Comment 1 Bernhard Rosenkraenzer 2001-01-04 11:33:21 UTC 
Where exactly are you seeing this? I can see kdeinit listening on a unix socket
only (in the current version, meaning 2.0.20010102).
Comment 2 Gerald Teschl 2001-01-04 11:49:47 UTC 
Can't see it here as well (palin beta1 install).
Comment 3 Bernhard Rosenkraenzer 2001-01-04 11:54:07 UTC 
Assuming it's misread netstat output, closing
Comment 4 Chris Evans 2001-01-05 22:33:44 UTC 
No its definitely there for me
Full install of everything, BETA1
Logged in via gdm, selecting "KDE" session
"netstat -ao" shows tcp port 1025 listening (1024 taken by rpc.statd)
lsof -i tcp:1025 shows the guilty party as
"kdeinit: kxmlrpcd"
If you still don't see it, perhaps we can leave the bug open and I'll
check beta2 when it arrives soon.
Comment 5 Bernhard Rosenkraenzer 2001-01-06 15:47:06 UTC 
Definitely not happening here; can't telnet to port 1025 either (just in case my
netstat is buggy ;) ).
Comment 6 Bernhard Rosenkraenzer 2001-01-11 19:51:14 UTC 
kxmlrpcd listens on a tcp socket and is intended to do so.
It's most definitely not started by default though, both by checking and
proofreading the code.
Comment 7 Chris Evans 2001-01-16 23:33:37 UTC 
Thanks for info - will check with BETA2 or BETA3.
Any idea what I may have done to get "xmlrpcd" to launch when I log in? Does
running up a
certain application activate "xmlrpcd"?
Comment 8 Chris Evans 2001-02-12 00:12:25 UTC 
Re-opening after playing with BETA-3.
My desktop is in a state where kxmlrpcd starts by default.
I run up konqueror, did some web browsing, and looked at
my home dir too. I also had some KDE terminals running.

Now the desktop starts xmlrpcd by default and listens on
a TCP socket. This is dangerous because
- The medium security firewall won't block it, since it's a
high port. A _lot_ of desktop users will only have the
medium firewall due to IRC, ICQ, etc.
Comment 9 Bernhard Rosenkraenzer 2001-02-28 20:22:45 UTC 
[2.1-5] Ok, I've made kxmlrpcd listen on a UNIX socket instead. This totally 
breaks its functionality though, but there's nothing that can be done about 
it. You can't do remote scripting without listening on a tcp socket...

To re-enable the functionality, add
[KDE]
RemoteScripting=true

to kdeglobals.