GNOME Bugzilla – Bug 674268
vino http server binds to external interfaces despite local_only configuration
Last modified: 2014-08-15 15:51:16 UTC
Environment: Debian Wheezy Vino 3.2.2-1+b1 Vino is configured for local access only via: gconftool-2 --set /desktop/gnome/remote_access/local_only --type bool true Vino's vnc server is only listening on localhost:5900 and no other interfaces - as expected. Vino's http server, on the other hand, is listening on all interfaces, despite the local_only configuration. The expected behaviour would be for all vino services, including the http server, to only bind to the localhost interface when configured accordingly.
Reproduced on vino 3.4.1-1 configured with: gsettings set org.gnome.Vino network-interface "lo"
This is still present in vino-3.12.0, although it's now no longer on http. Even using dconf-editor to specify org/gnome/desktop/network-interface as "lo", the 5800 service is available on every interface via ipv6 (note, it is not even present on ipv4 now): tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN 16802/vino-server tcp6 0 0 :::5800 :::* LISTEN 16802/vino-server tcp6 0 0 ::1:5900 :::* LISTEN 16802/vino-server Happy to run any tests necessary.
Created attachment 283505 [details] [review] Patch to disable http-server compilation in default configuration Since the source tree includes no files to be served by the HTTP server anyway, we can disable the HTTP server compilation by default, requiring a configure option to enable it. See patch.
Review of attachment 283505 [details] [review]: I would prefer if the HTTP server code was removed entirely.
Created attachment 283516 [details] [review] Patch to completely remove the HTTP server code (In reply to comment #4) > Review of attachment 283505 [details] [review]: > > I would prefer if the HTTP server code was removed entirely. Then please have a look at this patch.
Comment on attachment 283516 [details] [review] Patch to completely remove the HTTP server code Thanks for the patch. I pushed it with a minor change to also remove some HTTP debugging code, as commit f926606b97631208c4721605dfd866afe44ba7c2.