538018 – net-misc/tigervnc - xvnc -localhost: listens on all interfaces

Bug 538018 - net-misc/tigervnc - xvnc -localhost: listens on all interfaces

Summary: net-misc/tigervnc - xvnc -localhost: listens on all interfaces

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Raúl Porcel (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-27 23:40 UTC by David K. Thompson
Modified:	2015-02-06 20:48 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David K. Thompson 2015-01-27 23:40:13 UTC

-localhost is supposed to only bind the local interface only.

It appears that when testing the availability of the display number the function "displayNumFree" creates an unreferenced TcpListener on 6000+n where n is the available display number being tested. The port is open on all interfaces. No connections are accepted on the port.

Maybe this could check for -localhost and/or just bind local interface in all cases?

Comment 1 David K. Thompson 2015-01-27 23:56:53 UTC

On further reading, this appears to happen in unix/xserver/hw/vnc/xvnc.cc line 355 in displayNumFree()

Comment 2 Raúl Porcel (RETIRED) gentoo-dev

2015-02-02 13:19:50 UTC

Please report this upstream.

Comment 3 David K. Thompson 2015-02-06 20:48:20 UTC

https://github.com/TigerVNC/tigervnc/issues/115

Thanks.