Bug#578019: libwebkit-1.0-2: makes DNS query for every mouse movement
Ian Bruce
ian_bruce at fastmail.net
Fri Apr 16 06:40:44 UTC 2010
Package: libwebkit-1.0-2
Version: 1.2.0-1
Severity: important
Webkit seems to make a DNS query for every mouse movement event that it receives
from the browser window. (This happens with both Epiphany and Midori, so I assume
that the problem is in Webkit.)
This is easy to reproduce; run the following command (as root):
tcpdump -n -i eth0 port 53
(use appropriate network interface for remote DNS server)
Then load any random website (say, www.debian.org) into a browser window, and simply
move the mouse pointer around in that window, without clicking on anything. This will
generate a continuous stream of hundreds of DNS queries, of the following form:
21:54:13.616734 IP client.address.net.55545 > dns.server.net.53: 47984+ A? . (17)
21:54:13.616870 IP client.address.net.55545 > dns.server.net.53: 21375+ AAAA? . (17)
21:54:13.637479 IP dns.server.net.53 > client.address.net.55545: 47984 0/1/0 (92)
21:54:13.638427 IP dns.server.net.53 > client.address.net.55545: 21375 0/1/0 (92)
21:54:13.657687 IP client.address.net.40289 > dns.server.net.53: 53754+ A? . (17)
21:54:13.657824 IP client.address.net.40289 > dns.server.net.53: 43656+ AAAA? . (17)
21:54:13.678386 IP dns.server.net.53 > client.address.net.40289: 53754 0/1/0 (92)
21:54:13.678841 IP dns.server.net.53 > client.address.net.40289: 43656 0/1/0 (92)
21:54:13.688747 IP client.address.net.34724 > dns.server.net.53: 52909+ A? . (17)
21:54:13.688878 IP client.address.net.34724 > dns.server.net.53: 19941+ AAAA? . (17)
21:54:13.709435 IP dns.server.net.53 > client.address.net.34724: 52909 0/1/0 (92)
21:54:13.710367 IP dns.server.net.53 > client.address.net.34724: 19941 0/1/0 (92)
(IP addresses replaced with appropriate hostnames)
Presumably, even with a local DNS server, tracing calls to the DNS resolver library
would show the same phenomenon.
I have to say that I find this behaviour appalling. It seems to be a security issue
all by itself, and is probably a symptom of even bigger problems.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-3-686 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libwebkit-1.0-2 depends on:
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-4 The Cairo 2D vector graphics libra
ii libenchant1c2a 1.4.2-3.3 a wrapper library for various spel
ii libfontconfig1 2.8.0-2 generic font configuration library
ii libfreetype6 2.3.11-1 FreeType 2 font engine, shared lib
ii libgail18 2.20.0-2 GNOME Accessibility Implementation
ii libgcc1 1:4.4.2-9 GCC support library
ii libglib2.0-0 2.24.0-1 The GLib library of C routines
ii libgstreamer-plugins-base0. 0.10.28-1 GStreamer libraries from the "base
ii libgstreamer0.10-0 0.10.28-1 Core GStreamer libraries and eleme
ii libgtk2.0-0 2.20.0-2 The GTK+ graphical user interface
ii libicu42 4.2.1-3 International Components for Unico
ii libjpeg62 6b-15 The Independent JPEG Group's JPEG
ii libpango1.0-0 1.28.0-1 Layout and rendering of internatio
ii libpng12-0 1.2.43-1 PNG library - runtime
ii libsoup2.4-1 2.30.0-1 an HTTP library implementation in
ii libsqlite3-0 3.6.23.1-1 SQLite 3 shared library
ii libstdc++6 4.4.2-9 The GNU Standard C++ Library v3
ii libwebkit-1.0-common 1.2.0-1 Web content engine library for Gtk
ii libxml2 2.7.7.dfsg-1 GNOME XML library
ii libxslt1.1 1.1.26-2 XSLT processing library - runtime
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
libwebkit-1.0-2 recommends no packages.
libwebkit-1.0-2 suggests no packages.
-- no debconf information
More information about the Pkg-webkit-maintainers
mailing list