New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
external connections from keepassxc-proxy #100
Comments
keepassxc-proxy is using only Unix Domain sockets for communication. So showing some TCP sockets open seems a bit strange.. |
Apparently this thing is based upon high level libs and some google magic. Honestly, it is not very surprising that it can be doing a lot more than it was intended to. I suspect it might be related to extension debugging which I initiated from chromium as the extension did not work for me. Unfortunately I had to kick it out from the host and it will take me some time to repeat it in a VM. |
Google owns the 173.194.0.0 ip range. https://ipinfo.io/173.194.222.190 When you enabled debugging you probably also enabled stats reporting and other things. The top two tcp lines are local connections. |
One of the components provided by keepassxc openned a connection to external IP. |
Can you please elaborate where do you see this connection and where does it connect? Or is this still some Google magic? Also, please note that while Reopening the issue until this has been solved. |
Got the same picture with fresh ubuntu 17.10 install in VM. Steps to reproduce:
It will also open remote connections on subsequent restarts, but you might need to try a few times. |
I'm seeing this too. All the ports are 80 or 443 so this is clearly web browser traffic. I'm pretty sure this has something to do with native messaging because the keepassxc-proxy process is started by the browser. The reason for this is unclear, and I don't like seeing this kind of behaviour. Btw, the socket list disappears when you close your browser. |
I just want to let everyone know that i see the same behavior. Actually i found this bug while searching for answers. tcp 0 0 192.168.1.1:54300 151.101.37.105:http ESTAB 2724/keepassxc-prox |
Seems these connections happen only with Firefox. I opened a bug. Let's see what they respond. |
After I tested this, I personally found that turning off the telemetry and usage data in Firefox prevented the sockets from being opened. @varjolintu could not replicate that fix though. Chromium does not exhibit this behavior at all. |
For me the opened connection was a HTTP GET request to Also, see this. This still doesn't explain why native messaging opens those TCP sockets. |
According to this page the bug is fixed with Firefox 61. |
I'm closing this issue since it is clearly not a KeePassXC issue. |
Could you please, reopen and investigate further. KeepassXC-Browser opens ports to several awkward addresses, non-Google, such as 104.31.74.222 (Cloudflare), 193.229.109.157, etc. |
@brzd KeePassXC-Browser? Do you mean keepassxc-proxy? Looking at the Firefox issue few messages earlier they have fixed the bug. What browser are you using? Any details are welcome. Just to make clear: keepassxc-proxy (or the extension, with the exception of GitHub when checking the latest KeePassXC version available) DOES NOT open any connections to anywhere. The only thing keepassxc-proxy uses is a local Unix domain socket that communicates directly with KeePassXC. |
Firefox 66.0.1 So it would still be the same issue with firefox? |
@brzd Mozilla reports it has been fixed in Firefox 61. I'll try to reproduce this myself and make another bug report if necessary. This is related to native messaging itself, not KeePassXC or the proxy. |
i've the same issue with keepassxc-proxy & i'm running the flatpak one . $ sockstat -4 -l Debug info KeePassXC - 2.4.1 |
@Cherkah This is a Firefox bug. Your passwords are not sent anywhere. Even if that bug would leak any data (for some reason), it would be encrypted. |
ok but why can't we untick the option keepassx-proxy (keepassxc flatpak/snap) whereas the distro app (debian) we can? the option is greyed
maybe, but i'm the kind of people which do not have any confidence about amazon (143.204.192.7:443 ESTABLISHED). please make the option un-greyed. |
@Cherkah you can just not use the browser extension. Even if there is no proxy, launching the KeePassXC application itself would cause those phantom connections to occur. We have zero control over that because, as repeatedly stated, this is a bug/feature in Firefox itself. |
after let a ticket to mozilla foundation about this probleme ( base on your statement and my connection report) it seem that is your softwar which make bull****. i do not understand why varjolintu tells & droidmonkey tells are so divergent?! for one it is not normal and for the other one " those phantom connections" are secure.... just to test your soft i reinstall all my system, change my browser, block ip via iptable: the issue remains. so sorry but i' do not trust your app. results: uninstall it and change all my password. thanks |
@Cherkah It's a known problem in Firefox that causes this issue. Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1463873. There's still no fix available. These phantom connections mean that KeePassXC or the proxy doesn't directly open a socket to anywhere, but when Firefox forks a process via Native Messaging, those sockets are copied to the other process. And also, KeePassXC or the proxy doesn't use those sockets for anything. If you want to get rid of the bug or you are concerned (assuming you don't trust our application), all you can do is to switch to another browser. You are also always welcome to inspect our source code if you think our applications are making some phantom connections. |
Any updates on this? This is suspicious. |
We cannot do anything about that. It's a Firefox bug. We neither open nor use these connections. |
@varjolintu, ok, then why don't make keepassxc-proxy explicitly close any leftover fd's on start? |
@j1warren That could be possible yes, but I wonder if there's a solid cross-platform way to do that. |
Can we close a socket owned by a parent process? |
We should investigate if the socket is indeed a copy. In that closing them would probably cause more bad than good. |
Would you please reopen this issue? This issue still exists: the keepassxc-proxy processes still have connections outside the local machine in the latest versions of Firefox + Keepassxc + keepassxc plugin :( . This alone put KeepassXC in a few companies on the ban list :( . Thank you. |
@aadrian Again: this is not a KeePassXC issue. It's a Firefox bug. |
@varjolintu This issue affects KeePassXC however, even if (technically) the source of the Bug is Firefox. Also because of this: not Firefox landed on the ban list, but KeePassXC :( . IMO until the problem is fixed, the issue should not be "closed" but kept open with a tag/label of "waiting for 3rd party". If there's a simple temporary workaround until FF is fixed (e.g. a simple |
@aadrian I'll open this with the label added. |
Same here on firefox, browser plugin creates open sockets
Just for documentation |
Expected Behavior
If my understanding is correct keepassxc should not have any external communication.
Current Behavior
$ netstat -atpn | grep keepass
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:6080 0.0.0.0:* LISTEN 8307/keepassxc-prox
tcp 0 0 127.0.0.1:6080 127.0.0.1:55164 CLOSE_WAIT 8307/keepassxc-prox
tcp 1 0 192.168.1.4:55578 173.194.222.190:443 CLOSE_WAIT 8307/keepassxc-prox
tcp 1 0 192.168.1.4:48552 173.194.221.139:443 CLOSE_WAIT 8307/keepassxc-prox
Debug info
KeePassXC - 2.3.1
keepassxc-browser - 1.0.1
Operating system: Linux
Browser: Firefox/Chromium
Proxy used: YES
The text was updated successfully, but these errors were encountered: