On 27.01.20 07:30, Felix Dörre wrote:
> Hi,
> 
> I found out why keepass2 opens TCP ports. However, on my system, keepass
> opens two TCP ports:
> 
> The older one (that is already reported in this bug report) comes from
> strange behavior in mono itself. I opened a pull request against mono to
> fix it: https://github.com/mono/mono/pull/18583
> 
> The newer one that presumably got added in the meantime is an IPC
> implementation that does things like keeping keepass single-instance and
> sending other events to a currently running instance (e.g. triggering
> auto-typing). I consider this feature a security risk and would rather
> not have it in my password manager. I've added a pull request to the
> debian repository to deactivate this feature:
> https://salsa.debian.org/dotnet-team/keepass2/merge_requests/1
> 
> With these two changes, keepass2 seems tame now and does not open TCP
> ports anymore on my system.
> 


I agree a TCP port for this rather simple use case is overkill; it could
be replaced with a Unix domain socket/fifo in $XDG_RUNTIME_DIR or some
other IPC method.

I would prefer to not hard-disable it by commenting the code, but rather
either make it configurable or replace it with a Unix domain socket/fifo.

I am sure upstream would also accept such a patch.

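A sketch of the alternative suggested in the reply above: single-instance IPC over a Unix domain socket under $XDG_RUNTIME_DIR instead of a TCP port. This is an added example, not part of the thread and not KeePass or Debian code; it is written in Python for brevity, the names (`demo-pwmanager`, `ipc.sock`, all functions) are hypothetical, and the peer check assumes Linux (`SO_PEERCRED`).

```python
import os
import socket
import struct

APP_DIR = "demo-pwmanager"  # hypothetical name, not KeePass's

def socket_path(base=None):
    """Socket path inside a 0700 directory under $XDG_RUNTIME_DIR."""
    d = os.path.join(base or os.environ["XDG_RUNTIME_DIR"], APP_DIR)
    os.makedirs(d, mode=0o700, exist_ok=True)
    os.chmod(d, 0o700)  # enforce even if the directory already existed
    return os.path.join(d, "ipc.sock")

def send_to_running_instance(path, message):
    """Second instance: hand the event over. False means nobody is listening."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        try:
            c.connect(path)
        except (FileNotFoundError, ConnectionRefusedError):
            return False
        c.sendall(message)
        c.shutdown(socket.SHUT_WR)
        return c.recv(16) == b"ok"

def listen(path):
    """First instance: call only after send_to_running_instance() returned False."""
    if os.path.exists(path):
        os.unlink(path)  # stale socket left by a crashed instance
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)  # socket file is created 0600: owner only
    try:
        s.bind(path)
    finally:
        os.umask(old)
    s.listen(4)
    return s

def handle_one(server):
    """Accept one event; drop it unless the peer runs as our own uid."""
    conn, _ = server.accept()
    with conn:
        cred = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                               struct.calcsize("3i"))
        _pid, uid, _gid = struct.unpack("3i", cred)  # Linux struct ucred
        if uid != os.getuid():
            return None  # reject: no acknowledgement is sent
        data = conn.recv(4096)
        conn.sendall(b"ok")
        return data
```

Unlike a listener on a TCP port, the endpoint is a filesystem object, so access is governed by the 0700 directory and 0600 socket modes, with the kernel-reported peer uid as a second check.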