Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#4157 closed enhancement (fixed)

Ability to Disable UPnP Advertisements

Reported by: davidski
Owned by:
Milestone: 2.3.1
Component: libpurple
Version: 2.3.0
Keywords: upnp
Cc:

Description

Under the current (V2.3.0) Windows port, Pidgin always sends out Universal Plug and Play (UPnP) requests. There are no configuration or plug-in options to disable this advertisement. Being able to block these broadcasts would reduce the surface exposure of Pidgin and provide an alternative to the non-scalable kludge of blocking this request via host firewalls. All other network traffic seems to be controllable from the client.

Providing a configuration option (or a plugin) to enable the user to disable UPnP is requested.

Change History (7)

comment:1 Changed 11 years ago by datallah

  • Component changed from unclassified to libpurple
  • Keywords win32 removed
  • Owner lschiere deleted
  • Summary changed from Ability to Disable UPnP Advertisements under Windows UPnP to Ability to Disable UPnP Advertisements

This isn't a Windows specific issue.

comment:2 Changed 11 years ago by MarkDoliner

So what's the rationale for wanting to disable this? Just so that other people on your network can't detect that you're using Pidgin?

comment:3 Changed 11 years ago by davidski

No, I'm not at all concerned about trying to stealth Pidgin. :)

I am concerned about applications opening up and making advertisements without my explicit permission. At no point have I authorized Pidgin to make a UPnP discovery. From a service minimization standpoint, unnecessary services should be disabled. In addition to the poor track record of UPnP implementations in general, the possibility that a rogue UPnP advertisement could influence Pidgin's behavior without my authorization is a real concern.

UPnP is not used on any of my networks. While I can disable other protocols (AIM, ICQ, etc.), UPnP is currently hard coded as active. Unless the team considers UPnP as essential a service as DNS (a hard stretch as many users disable UPnP as a standard hardening step), an enable/disable option on this would be much appreciated.

comment:4 Changed 11 years ago by datallah

It certainly isn't required for Pidgin's operation, and I guess it isn't unreasonable to be able to disable it even though it isn't really that high of a risk considering that this is an IM client and you're exposing yourself far more simply by logging into any of your accounts.

I'll add an "Enable automatic router port forwarding" preference to the network preferences that will be on by default.

If both that and "Autodetect IP address" are disabled, no UPnP or NAT-PMP requests will be made.

Sound reasonable?

comment:5 Changed 11 years ago by datallah@…

  • Milestone set to 2.3.1
  • Resolution set to fixed
  • Status changed from new to closed

(In cf97e20583ba14a840946c79a5d5182fb4a6648f) Allow UPnP and NAT-PMP port mapping to be disabled via a pref. This means that UPnP discovery will not occur if this new pref and the "Autodetect IP Address" pref are both unchecked. Fixes #4157.

comment:6 Changed 11 years ago by MarkDoliner

For the record I don't think the new preference is necessary. Isn't UPnP used only when you're trying to transfer a file? I've seen no evidence showing that it hurts users. I don't think we should add preferences to disable good features because of vague suggestions that UPnP causes security problems. I would understand the need for the preference if someone gave me a specific scenario where Pidgin's use of UPnP was dangerous.

comment:7 Changed 11 years ago by datallah

I don't think it is at all dangerous unless there is a flaw in the code such that a malformed response could do something bad.

I have actually wanted to disable it on my work machine due to a misconfigured internal router that advertises UPnP functionality, but really doesn't provide external port mappings. Of course, it isn't a problem apart from slightly delaying certain operations.

I don't feel strongly about this, but there are probably other people on networks that advertise UPnP who don't actually want to map ports externally for whatever reason.
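
A way to check the behaviour described in comments 4 and 5 from the network side, as an added example that is not part of the ticket or of Pidgin's code: it classifies outbound UDP datagrams from a capture as UPnP discovery (SSDP M-SEARCH) or NAT-PMP requests, so an empty result with both preferences unchecked confirms the setting. The function names and the sample datagrams are constructed for illustration, and the capture step that produces the tuples is assumed.

```python
import struct

SSDP_PORT = 1900      # UPnP discovery (SSDP), normally sent to 239.255.255.250
NAT_PMP_PORT = 5351   # NAT-PMP requests are sent to the default gateway


def parse_headers(payload):
    """Parse the HTTP-style header lines of an SSDP message into a dict."""
    headers = {}
    for line in payload.decode("latin-1").split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def classify(dst_port, payload):
    """Return 'ssdp-discovery', 'nat-pmp-request' or None for one outbound datagram."""
    if dst_port == SSDP_PORT and payload.startswith(b"M-SEARCH "):
        if parse_headers(payload).get("man", "").strip('"') == "ssdp:discover":
            return "ssdp-discovery"
    if dst_port == NAT_PMP_PORT and len(payload) >= 2:
        version, opcode = payload[0], payload[1]
        if version == 0 and opcode < 128:   # opcodes >= 128 are responses
            return "nat-pmp-request"
    return None


def audit(datagrams):
    """Return (index, kind) for every datagram that is a discovery or mapping request."""
    hits = []
    for i, (_dst_ip, dst_port, payload) in enumerate(datagrams):
        kind = classify(dst_port, payload)
        if kind:
            hits.append((i, kind))
    return hits


# Constructed sample capture: (destination IP, destination UDP port, payload).
SAMPLE = [
    ("239.255.255.250", 1900, b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
     b"MAN: \"ssdp:discover\"\r\nMX: 2\r\n"
     b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"),
    ("192.0.2.1", 5351, b"\x00\x00"),  # NAT-PMP public address request
    ("192.0.2.1", 5351, struct.pack("!BBHHHI", 0, 2, 0, 6000, 6000, 3600)),  # TCP mapping
    ("192.0.2.53", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),  # unrelated DNS
]

if __name__ == "__main__":
    for index, kind in audit(SAMPLE):
        print(index, kind, SAMPLE[index][0])
```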
