Bug 674268 – vino http server binds to external interfaces despite local_only configuration

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 674268 - vino http server binds to external interfaces despite local_only configuration


Summary:	vino http server binds to external interfaces despite local_only configuration


Status:	RESOLVED FIXED

Product:	vino
Classification:	Applications
Component:	Server
Version:	3.2.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Vino Maintainer(s)
QA Contact:	Vino Maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2012-04-17 16:03 UTC by andornaut
Modified:	2014-08-15 15:51 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Patch to disable http-server compilation in default configuration (1.25 KB, patch) 2014-08-15 14:38 UTC, Mihai Capotă	needs-work	Details \| Review
Patch to completely remove the HTTP server code (27.79 KB, patch) 2014-08-15 15:37 UTC, Mihai Capotă	committed	Details \| Review

Description andornaut 2012-04-17 16:03:36 UTC

Environment:
Debian Wheezy
Vino 3.2.2-1+b1

Vino is configured for local access only via:
gconftool-2 --set /desktop/gnome/remote_access/local_only --type bool true

Vino's vnc server is only listening on localhost:5900 and no other interfaces - as expected.

Vino's http server, on the other hand, is listening on all interfaces, despite the local_only configuration. The expected behaviour would be for all vino services, including the http server, to only bind to the localhost interface when configured accordingly.

Comment 1 andornaut 2012-05-26 19:32:30 UTC

Reproduced on vino 3.4.1-1 configured with: gsettings set org.gnome.Vino network-interface "lo"

Comment 2 Mike Auty 2014-06-10 01:01:08 UTC

This is still present in vino-3.12.0, although it's now no longer on http.  Even using dconf-editor to specify org/gnome/desktop/network-interface as "lo", the 5800 service is available on every interface via ipv6 (note, it is not even present on ipv4 now):

tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN      16802/vino-server
tcp6       0      0 :::5800                 :::*                    LISTEN      16802/vino-server   
tcp6       0      0 ::1:5900                :::*                    LISTEN      16802/vino-server

Happy to run any tests necessary.

Comment 3 Mihai Capotă 2014-08-15 14:38:34 UTC

Created attachment 283505 [details] [review]
Patch to disable http-server compilation in default configuration

Since the source tree includes no files to be served by the HTTP server anyway, we can disable the HTTP server compilation by default, requiring a configure option to enable it. See patch.

Comment 4 David King 2014-08-15 14:43:32 UTC

Review of attachment 283505 [details] [review]:

I would prefer if the HTTP server code was removed entirely.

Comment 5 Mihai Capotă 2014-08-15 15:37:51 UTC

Created attachment 283516 [details] [review]
Patch to completely remove the HTTP server code

(In reply to comment #4)
> Review of attachment 283505 [details] [review]:
> 
> I would prefer if the HTTP server code was removed entirely.

Then please have a look at this patch.

Comment 6 David King 2014-08-15 15:51:09 UTC

Comment on attachment 283516 [details] [review]
Patch to completely remove the HTTP server code

Thanks for the patch. I pushed it with a minor change to also remove some HTTP debugging code, as commit f926606b97631208c4721605dfd866afe44ba7c2.