LiClipse as potential security attack endpoint


From time to time I have to connect to the Internet in public workspaces and Wi-Fi zones, which is why I am trying to keep an eye on which ports are reachable on my laptop from outside.

Here is my finding regarding LiClipse:

$ nmap -T4 -p1-65535 192.168.1.4

Starting Nmap 7.01 ( https://nmap.org ) at 2016-07-22 12:34 EEST
Nmap scan report for 192.168.1.4
Host is up (0.00010s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
45594/tcp open  unknown

$ sudo netstat -tulnp | grep -w -e 45594
tcp6       0      0 :::45594                :::*                    LISTEN      1637/java       

$ ps -f 1637 | cat
UID        PID  PPID  C STIME TTY      STAT   TIME CMD
oleksiy   1637  4764 23 12:31 ?        Sl     2:26 /opt/liclipse/jre/bin/java -Xms40m -Xmx512m -Declipse.p2.unsignedPolicy=allow -Declipse.log.size.max=10000 -Declipse.log.backup.max=5 -Dpydev.funding.hide=1 -Dliclipsetext.funding.hide=1 -Dfile.encoding=UTF-8 -Djava.awt.headless=true -jar /opt/liclipse//plugins/org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar -data file:/home/oleksiy/Private/workspace/ -os linux -ws gtk -arch x86_64 -showsplash -launcher /opt/liclipse/LiClipse -name LiClipse --launcher.library /opt/liclipse//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.400.v20160518-1444/eclipse_1617.so -startup /opt/liclipse//plugins/org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar --launcher.overrideVmargs -exitdata 11a800a -vm /opt/liclipse/jre/bin/java -vmargs -Xms40m -Xmx512m -Declipse.p2.unsignedPolicy=allow -Declipse.log.size.max=10000 -Declipse.log.backup.max=5 -Dpydev.funding.hide=1 -Dliclipsetext.funding.hide=1 -Dfile.encoding=UTF-8 -Djava.awt.headless=true -jar /opt/liclipse//plugins/org.eclipse.equinox.launcher_1.3.200.v20160318-1642.jar

To double-check that the cause is LiClipse itself, I removed the extra plugins (Vrapper, Colorer), but the port is still open. It is not always 45594, but a random one each time LiClipse restarts. I tried to connect to it and send random data and got no response.

Can someone come up with a guess regarding which part of LiClipse functionality this open TCP port relates to, and why it shouldn't be closed by default as a potential security attack endpoint?


Solution

  • PyDev (which LiClipse includes) creates a port which is used to communicate with a spawned Python shell used to get code-completion information. You can see its code at: https://github.com/fabioz/Pydev/blob/bbe7874a527a583c5214ade594f45d4cc35d3ab7/plugins/org.python.pydev/src_completions/org/python/pydev/editor/codecompletion/shell/AbstractShell.java
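
The check done by hand in the question, turned into a reusable filter (an added example, not part of the original post or of LiClipse/PyDev): it reads `netstat -tulnp` output and keeps only sockets bound to a non-loopback address, together with the owning process. The function name `exposed_listeners` is hypothetical, and the sample rows are constructed; only the `:::45594` java row is taken from the question.

```shell
#!/bin/sh
# Constructed sample in `netstat -tulnp` format; only the :::45594 java row
# comes from the question, the other rows are made up for illustration.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      640/cupsd
tcp6       0      0 :::45594                :::*                    LISTEN      1637/java
tcp6       0      0 ::1:5432                :::*                    LISTEN      901/postgres
udp        0      0 127.0.0.53:53           0.0.0.0:*                           455/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           700/dhclient'

# Reads `netstat -tulnp` output on stdin and prints "proto port pid/program"
# for every socket whose local address is not loopback, i.e. every socket
# other hosts on the same network can reach unless a firewall blocks it.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }                  # skip header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }       # TCP: listening sockets only
        {
            local_addr = $4
            n = match(local_addr, /:[0-9]+$/)        # port follows the last colon
            if (n == 0) next
            addr = substr(local_addr, 1, n - 1)
            port = substr(local_addr, n + 1)
            if (addr ~ /^127\./ || addr == "::1") next   # bound to loopback only
            owner = ($1 ~ /^tcp/) ? $7 : $6          # UDP rows have no State column
            if (owner == "") owner = "-"
            print $1, port, owner
        }
    '
}

# Live use: sudo netstat -tulnp | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Without root, netstat shows `-` instead of the PID/program for sockets owned by other users, and the filter passes that through unchanged.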