Bug#578019: libwebkit-1.0-2: makes DNS query for every mouse movement

Michael Gilbert michael.s.gilbert at gmail.com
Sat Apr 17 21:46:50 UTC 2010


On Thu, 15 Apr 2010 23:40:44 -0700 Ian Bruce wrote:

> Package: libwebkit-1.0-2
> Version: 1.2.0-1
> Severity: important
> 
> 
> Webkit seems to make a DNS query for every mouse movement event that it receives
> from the browser window. (This happens with both Epiphany and Midori, so I assume
> that the problem is in Webkit.)
> 
> This is easy to reproduce; run the following command (as root):
> 
>     tcpdump -n -i eth0 port 53
> 
> (use appropriate network interface for remote DNS server)
> 
> Then load any random website (say, www.debian.org) into a browser window, and simply
> move the mouse pointer around in that window, without clicking on anything. This will
> generate a continuous stream of hundreds of DNS queries, of the following form:
> 
> 21:54:13.616734 IP client.address.net.55545 > dns.server.net.53: 47984+ A? . (17)
> 21:54:13.616870 IP client.address.net.55545 > dns.server.net.53: 21375+ AAAA? . (17)
> 21:54:13.637479 IP dns.server.net.53 > client.address.net.55545: 47984 0/1/0 (92)
> 21:54:13.638427 IP dns.server.net.53 > client.address.net.55545: 21375 0/1/0 (92)
> 21:54:13.657687 IP client.address.net.40289 > dns.server.net.53: 53754+ A? . (17)
> 21:54:13.657824 IP client.address.net.40289 > dns.server.net.53: 43656+ AAAA? . (17)
> 21:54:13.678386 IP dns.server.net.53 > client.address.net.40289: 53754 0/1/0 (92)
> 21:54:13.678841 IP dns.server.net.53 > client.address.net.40289: 43656 0/1/0 (92)
> 21:54:13.688747 IP client.address.net.34724 > dns.server.net.53: 52909+ A? . (17)
> 21:54:13.688878 IP client.address.net.34724 > dns.server.net.53: 19941+ AAAA? . (17)
> 21:54:13.709435 IP dns.server.net.53 > client.address.net.34724: 52909 0/1/0 (92)
> 21:54:13.710367 IP dns.server.net.53 > client.address.net.34724: 19941 0/1/0 (92)
> 
> (IP addresses replaced with appropriate hostnames)
> 
> Presumably, even with a local DNS server, tracing calls to the DNS resolver library
> would show the same phenomenon.
> 
> I have to say that I find this behaviour appalling. It seems to be a security issue
> all by itself, and is probably a symptom of even bigger problems.

it may actually be undesirable, but i don't think it can be considered
a security issue.  iceweasel does pretty much the same thing anyway.  i
think this has to do with page precaching, and there are options to
disable that.

mike





More information about the Pkg-webkit-maintainers mailing list