Ubuntu
gnome-remote-desktop package

gnome-remote-desktop user service is always running

Bug #1973028 reported by Jeremy Bícha
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gnome-remote-desktop (Ubuntu)
Fix Released
Low
Unassigned
Jammy
Fix Released
Low
Unassigned

Bug Description

Impact
------
The gnome-remote-desktop systemd user service is always running.

This was a contributing factor for LP: #1971415

Although it's "harmless" for the user service to be running if remote desktop sharing is not enabled, it's a waste of resources to run a service if it's not needed.

Test Case
---------
Install all Ubuntu updates and the gnome-remote-desktop update.
From a clean install (or new user), run this command:
systemctl --user status gnome-remote-desktop.service

It should show the service as "Active: inactive"

Open the Settings app to the Sharing page. Turn on Sharing and turn on Remote Desktop. Use the systemctl command to verify that the service is "Active: active (running). Log out and log back in and reverify.

Now turn off Remote Desktop Sharing and verify that the service is inactive. Log out and log back in and reverify.

More details
-------------------
This fix uses a dpkg postinst script to remove /etc/systemd/user/gnome-session.target.wants/gnome-remote-desktop.service . (That file is a symlink to the actual service). We couldn't use https://manpages.debian.org/unstable/dpkg-maintscript-helper because the file is technically not a "conffile" as recognized by dpkg.

It also modifies debian/rules so that that file is no longer automatically added.

Instead of /etc/systemd/user/ , the user service is intended to be enabled with the symlink ~/.config/systemd/user/gnome-session.target.wants/gnome-remote-desktop.service . That is appropriate since the GNOME implementation is per-user, not system-wide and it is also disabled by default.

Fixing this bug has been strongly urged by the GNOME Remote Desktop maintainers, and this brings us in line with how non-Debian distros have been packaging gnome-remote-desktop.

What could go wrong
-------------------
The RDP and VNC sharing services in GNOME could start when they shouldn't or not start when they should.

See original description
Jeremy Bícha (jbicha)
Changed in gnome-remote-desktop (Ubuntu Jammy):
importance: Undecided → Low
status: New → Triaged
Jeremy Bícha (jbicha)
Changed in gnome-remote-desktop (Ubuntu):
status: Fix Committed → Triaged
Jeremy Bícha (jbicha)
Changed in gnome-remote-desktop (Ubuntu):
status: Triaged → Fix Committed
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-remote-desktop - 42.1.1-2ubuntu1

---------------
gnome-remote-desktop (42.1.1-2ubuntu1) kinetic; urgency=medium

  * Merge with Debian. Remaining change:
    - Lower gnome-control-center dependency to 41

gnome-remote-desktop (42.1.1-2) unstable; urgency=high

  * Don't automatically enable the systemd user service (LP: #1973028)
  * Add postinst to remove the automatic enabling of the user service
  * debian/control: Lower mutter dependency so that these fixes reach
    Testing sooner

gnome-remote-desktop (42.1.1-1) unstable; urgency=medium

  * New upstream release (LP: #1970662)
    - Fixes black screen with virtio on qemu (LP: #1971195)
  * Drop all patches: applied in new release
  * Depend on libmutter instead of gnome-shell | budgie-desktop
    - This is a more accurate dependency
  * Require libmutter 42.1 for Nvidia fixes
  * Depend on fuse3 (Closes: #998846) (LP: #1970411)

 -- Jeremy Bicha <email address hidden> Thu, 12 May 2022 15:21:47 -0400

Changed in gnome-remote-desktop (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Alex Murray (alexmurray) wrote :

I am not sure I agree with the statement that this is "harmless" for the user service to be running if remote desktop sharing is not enabled - on my jammy system I can see the RDP port open thanks to gnome-remote-desktop:

$ ss -tlp | grep gnome-remote
LISTEN 0 10 *:ms-wbt-server *:* users:(("gnome-remote-de",pid=5851,fd=13))

And I have not manually enabled this - so I feel like this is potentially a security issue and should be prioritised as such for jammy.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Please use CVE-2022-1736 for the gnome-remote-desktop user service being enabled on Ubuntu.

The Debian packaging, and derivatives of both Ubuntu and Debian, for gnome-remote-desktop are probably very similar. The Debian policy strongly encourages services to be running by default after installation[1]. Ubuntu, however, strongly discourages open ports by default[2].

So, while there may be identical code in the other distributions, this may or may not be considered a vulnerability by the other distributions, based on their own policies.

Thanks

[1]: https://www.debian.org/doc/debian-policy/ch-opersys.html#managing-the-links
     "The default behaviour is to enable autostarting your package’s daemon"

[2]: https://wiki.ubuntu.com/Security/Features#ports
     "Default installations of Ubuntu must have no listening network services after initial install. Exceptions to this rule [enumerated exceptions elided]"

Jeremy Bícha (jbicha)
Changed in gnome-remote-desktop (Ubuntu Jammy):
status: Triaged → In Progress
description: updated
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Jeremy, or anyone else affected,

Accepted gnome-remote-desktop into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gnome-remote-desktop/42.1.1-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in gnome-remote-desktop (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-jammy
Revision history for this message
Jeremy Bícha (jbicha) wrote :

I installed gnome-remote-desktop 42.1.1-0ubuntu1 and verified that the Test Case completes successfully.

tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for gnome-remote-desktop has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-remote-desktop - 42.1.1-0ubuntu1

---------------
gnome-remote-desktop (42.1.1-0ubuntu1) jammy; urgency=medium

  * New upstream release (LP: #1970662)
    - Fixes black screen with virtio on qemu (LP: #1971195)
  * Drop all patches: applied in new release
  * Depend on libmutter instead of gnome-shell | budgie-desktop
    - This is a more accurate dependency
  * Require libmutter 42.1 for Nvidia fixes
  * Depend on fuse3 (Closes: #998846) (LP: #1970411)
  * Don't automatically enable the systemd user service (LP: #1973028)
  * Add postinst to remove the automatic enabling of the user service

 -- Jeremy Bicha <email address hidden> Tue, 17 May 2022 14:27:16 -0400

Changed in gnome-remote-desktop (Ubuntu Jammy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.