Closed Bug 49507 Opened 24 years ago Closed 24 years ago

psm does not work, when run as a different user in unix. (causes hang/freeze)

Categories

(Core Graveyard :: Security: UI, defect, P4)

1.0 Branch
x86
Linux
defect

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: nitinp, Assigned: ddrinan0264)

References

Details

(Keywords: hang, relnote, Whiteboard: relnote-user suntrak-n6)

Attachments

(3 files)

- install psm and netscape 6 as yourself or as root.
- login as someone else, and run netscape 6.0 as this user, using the netscape6 of the user.
- netscape 6.0 will launch but psm does not work. You cannot do any SSL or even open the SA.
This problem comes from creation of xpti.dat and xptitemp.dat in psm/components directory owned by root. Their creation does not follow the UNIX permission scheme. This problem appears in both mozilla-M17 and netscape v6PR2 on Linux.
Keywords: nsbeta3
*** Bug 50491 has been marked as a duplicate of this bug. ***
David, this seems to be lower priority to me. Marking [nsbeta3+] to take it off the untriaged list, but setting priority to 4 to indicate that this is lower priority.
Priority: P3 → P4
Whiteboard: [nsbeta3+]
Blocks: 41057
See also bug 32188 and bug 36007. Fixing 32188 could fix this one and the other one possibly. Although the RSA patent expiring makes all these bugs moot when PSM is integrated.
This bug should be fixed with the latest PSM xpi file.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Reopening.
1.) Install the 9/20 netscape-i686-pc-linux-gnu-installer.tar.gz build as root.
2.) Login as another user and start netscape.
What happens: I cannot reach an https site, and psm never starts up. Also component.reg is owned by root and is read only.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
leaf, I think this can be solved if we pre-generate the component.reg file for PSM. 1 question directly for you: How can we do that? Another question: Can we get PDT to review this bug? This is a major bug that IMHO must be fixed for PR3.
does psm have its own component registration? that is, does there need to be a components/psm/component.reg? If so, we have to hack the build automation (the stuff that builds psm) to either run psm once to generate this file, or run regxpcom (which is what we use to generate mozilla's component.reg).
per PDT: P3-P5 priority bugs changed from nsbeta3+ to nsbeta3- since we have more important work to do for Seamonkey. If you disagree, please state your case in the bug report and nominate for rtm. Thanks. Perhaps we need to release note this? Is this bug prioritized correctly?
Whiteboard: [nsbeta3+] → [nsbeta3-]
Definitely relnote. As for rtm if this is just a mess due to component.reg and if we end up bundling psm then I think this would be fixed by rtm. If we don't then either this is easily fixed in which case it should get rtm or it isn't in which case it should get relnotertm+arch. leaf or ddrinan?
I think this bug is underrated. The current fix (make the directory world writeable) could be viewed as a security hole and anyone who tries to use hotmail will encounter this bug...
Underrated is something of an understatement. I couldn't deploy this in a multi-user environment with a world-writable directory, at least not in good conscience.
I made a post in .security about how to work around this problem. It should help people in the mean time.
Deja news link to blizzard's post http://x63.deja.com/[ST_rn=fs]/threadmsg_ct.xp?thitnum=1&AN=681062626.1&mhitnum=0&CONTEXT=971793682.243859504 Does anyone have a precompiled version of psm with this fix in it?
Whiteboard: [nsbeta3-] → [nsbeta3-] relnote-user
*** Bug 58287 has been marked as a duplicate of this bug. ***
rtm
Keywords: rtm
*** Bug 53598 has been marked as a duplicate of this bug. ***
Whiteboard: [nsbeta3-] relnote-user → [nsbeta3-] relnote-user suntrak-n6
*** Bug 59516 has been marked as a duplicate of this bug. ***
Joel Becker (jlbec@evilplan.org) reports that the application hangs when run as a different user.
*** Bug 59516 has been marked as a duplicate of this bug. ***
This is a Bad Bug (TM). There have been complaints about this on the newsgroups, and I can easily reproduce the freeze in our NS6.0 installation:
1. Run netscape as a regular user
2. Load https://www.verisign.com -> throbber activates, but nothing else happens
3. Click the Stop button -> freeze
It seems to be a deadlock between CMT_EstablishControlConnection () in thread 3 and PR_EnterMonitor () in thread 2. Stack traces follow as attachments. OS->Linux (because that's a supported OS), Severity->critical, crash keyword. Nominating for moz0.9.
Severity: normal → critical
Keywords: crash, mozilla0.9
OS: Solaris → Linux
Summary: psm does not work , when run as a different user in unix. → psm does not work , when run as a different user in unix. (causes hang/freeze)
*** Bug 60792 has been marked as a duplicate of this bug. ***
*** Bug 61102 has been marked as a duplicate of this bug. ***
*** Bug 61276 has been marked as a duplicate of this bug. ***
*** Bug 61600 has been marked as a duplicate of this bug. ***
*** Bug 62257 has been marked as a duplicate of this bug. ***
Attached file workaround
Excerpt of "workaround" (attached above): Make the psm install dir writeable for all users. Not that elegant (but it would surely work).
Ben, unless I gravely misunderstand what goes in the psm directory, that workaround opens the door to any user tampering with the PSM components. This is software that may handle e.g. financially important or confidential data, after all. The workaround is dangerous, makes SSL effectively completely insecure against local users, and is not suitable for anything but single-user, standalone, workstations.
> The workaround is dangerous That's what I tried to say, yes. It wasn't my proposal.
Ok, how about a really silly variation on workaround. peruser psm. admin installs psm. makes it readonly for all relevant users, and then moves it to psm.bin/ Then the admin creates a symlink from psm to ~/mozilla/plugins/psm then the admin creates a shell script or something that creates ~/mozilla/plugins/psm and performs magic on psm.bin/ and that directory. We had an old script that did something similar for entire distributions. I'm sure someone still has it. Recommended magic: mirroring directory structure and symlinking each file in the directory structure.
I'm not sure whether Timeless' solution will work if multiple users are running mozilla on the same machine at the same time (as happens here)...
Forgive me for asking this question, as I don't have all the internals knowledge required to know this on my own, but it would seem to me that the normal solution applies. All the executable/generic bits go in the psm dir, and the user's database/prefs go in ~/.mozilla/psm. Is there a major problem with such a solution?
Sitsofe Wheeler: please try. It should. if it doesn't then we have another serious bug separate from this one. Joel Becker: http://lxr.mozilla.org/mozilla/source/security/psm/ has all of the internals. I can't speak for the authors, but as is PSM does not do what is required to be well behaved, and therefore, we have this bug. I recommend that we use this bug to discuss workarounds and that people file specific bugs for the specific problems.
Keywords: nsbeta3, relnote3, rtm
Summary: psm does not work , when run as a different user in unix. (causes hang/freeze) → psm does not work, when run as a different user in unix. (causes hang/freeze)
Whiteboard: [nsbeta3-] relnote-user suntrak-n6 → relnote-user suntrak-n6
I thought, we had a workaround - blizzard's Jedimindtrick - not?
The problem was in the following function: http://lxr.mozilla.org/mozilla/source/security/psm/lib/nlslayer/nlslayer.cpp#69 When starting up, PSM always called nsComponentManager::AutoRegister which tried to create the components.reg file. I'm working on getting PSM into Linux nightlies, which will build the new version of nlslayer.cpp at which point this bug should go away.
Keywords: crashfreeze
*** Bug 63356 has been marked as a duplicate of this bug. ***
Keywords: freezehang
Congratulations to the Netscrap managers who have pushed out Netscape 6. You have made a bad joke of Netscape and the Mozilla project. I hope that Microsoft will release Internet Explorer for Un*x soon; a world writeable psm installation is a worse security nightmare than ActiveX!
*** Bug 64131 has been marked as a duplicate of this bug. ***
This should work now that PSM shares the components registry with mozilla. Please re-open if that's not the case.
Status: REOPENED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
The Install routine from Debug menu still doesn't work on linux trunk build 2001010821. Is that supposed to work? I'm asking because i have a growing hunch that the real testing is being done on PSM 1.4 and maybe some commercial mozilla build not publicly available. The bugs i've "suffered" from regarding PSM are as alive today as they ever were. (like bug 56366).
Here is a build of mozilla with psm built in, and it works. Nightly builds of mozilla on www.mozilla.org presently are missing psm due to build problems. www.concentric.net/~unruh/mozilla-i686-pc-linux-gnu.tar.gz
nightly builds should now include psm [which is newer than the psm from debug>install psm]
PSM now gets built as part of the daily builds for Mozilla. If you use a version from one of the daily builds, this will not be a problem. You shouldn't have to do a separate download anymore either. (I believe there are already bugs open for packaging problems, but I don't remember them off the top of my head.)
well yes... the installation happened, and very quick, so something was in the 2001010821 build that wasn't there before. It's just that PSM hangs when used as normal user. (I installed as root) So the old problem persists, and mozilla freezes when i click "stop" button, and has to be killed. Will d/l the one pointed to here and test.
downloading mozilla-i686-pc-linux-gnu-sea.tar.gz from the latest dir (2001010908) and then used debug/install as root, to install it. Found this: PSM is installed. It happens way quicker than usual - in seconds rather than the usual 30 minutes (i use a modem) - meaning the PSM stuff is bundled in the downloaded tar.gz and not downloaded via web. When i afterwards start moz as normal user, and go to a https site, PSM does NOT start. Never spawns a single thread. mozilla-bin just hangs there, browser window spinning... end of story. If I then click stop, mozilla will freeze and has to be killed. I tried this at two different sites with same result. This bug's summary reads: "psm does not work, when run as a different user in unix. (causes hang/freeze)" That is still the situation. It is not fixed. This is how the file attributes look - are they correct? It is unusual that .so files aren't executable, like here, but they may be that packaging problem Javier refers to, since they are all older versions of .so files already present AND executable in other browser directories:

ls -la /usr/local/mozilla/psm
-rw-r--r-- 1 root root 125976 Sep 22 11:29 libz.so
-rw-r--r-- 1 root root 952970 Sep 22 16:02 libxpcom.so
-rw-r--r-- 1 root root 9285 Sep 22 16:02 libplds4.so
-rw-r--r-- 1 root root 15980 Sep 22 16:02 libplc4.so
-rwxrwxr-x 1 root root 1555 Sep 22 16:03 start-psm
-rwxr-xr-x 1 root root 1324981 Sep 22 16:03 psm
-rw-r--r-- 1 root root 211976 Sep 22 16:03 libnspr4.so
-rw-r--r-- 1 root root 123270 Sep 22 16:04 component.reg
drwxr-xr-x 4 root root 4096 Jan 9 13:47 psmdata
drwxrwxr-x 10 root root 4096 Jan 9 13:47 ..
drwxr-xr-x 2 root root 4096 Jan 9 13:47 components
drwxr-xr-x 4 root root 4096 Jan 9 13:47 .

ls -la /usr/local/mozilla/psm/components
drwxr-xr-x 2 root root 4096 Jan 9 13:47 .
drwxr-xr-x 4 root root 4096 Jan 9 13:47 ..
-rw-rw-rw- 1 root root 923891 Sep 22 16:04 libnecko.so
-rw-rw-rw- 1 root root 124553 Sep 22 16:04 libnslocale.so
-rw-rw-rw- 1 root root 65416 Sep 22 16:04 libstrres.so
-rw-rw-rw- 1 root root 152343 Sep 22 16:04 libuconv.so
-rw-rw-rw- 1 root root 231634 Sep 22 16:04 libucvlatin.so
-rw-rw-rw- 1 root root 73081 Sep 22 16:04 libunicharutil.so
-rw-rw-rw- 1 root root 108 Sep 22 16:04 xpti.dat
-rw-rw-rw- 1 root root 108 Jan 9 14:08 xptitemp.dat
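The components listing in the comment above shows mode -rw-rw-rw- files in a root-owned install, the condition earlier comments describe as a security hole for multi-user machines. As an added example (not part of any comment in this bug and not Mozilla code), the shell function below reports every file or directory under an install tree that any local user can modify; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: report entries under an install
# tree that any local user can modify. Names here are constructed.

# audit_world_writable DIR
# Prints "DIR <path>" or "FILE <path>" for each entry whose other-write bit
# is set. Returns 0 if clean, 1 if anything was found, 2 on bad input.
audit_world_writable() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    # A world-writable directory lets any user replace the files in it even
    # when the files are read-only, so directories are reported as well.
    # -type d / -type f leaves symlinks out of the report.
    aw_out=$( { find "$1" -type d -perm -0002 | sed 's/^/DIR /'
                find "$1" -type f -perm -0002 | sed 's/^/FILE /'; } | sort )
    if [ -z "$aw_out" ]; then
        return 0
    fi
    printf '%s\n' "$aw_out"
    return 1
}

# make_demo_tree DIR
# Builds a constructed tree with the modes from the listing above:
# read-only top level, mode 666 files under components/.
make_demo_tree() {
    mkdir -p "$1/psm/components"
    : > "$1/psm/psm"
    : > "$1/psm/component.reg"
    : > "$1/psm/components/libnecko.so"
    : > "$1/psm/components/xpti.dat"
    chmod 755 "$1/psm" "$1/psm/components" "$1/psm/psm"
    chmod 644 "$1/psm/component.reg"
    chmod 666 "$1/psm/components/libnecko.so" "$1/psm/components/xpti.dat"
}

# Demo run against the constructed tree.
demo_root=$(mktemp -d)
make_demo_tree "$demo_root"
audit_world_writable "$demo_root/psm" || echo "audit status: $?"
rm -rf "$demo_root"
```

Run against a real install prefix, a non-zero status means some shared component can be altered by an unprivileged account.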
might add: Downloading junruh's build and using moz as the user i installed as, works OK. The psm directory structure is different in that build btw... ie. it IS no directory - psm and start-psm reside directly in the package dir, not in a subdir called psm.
dark@c2i.net: With the build you downloaded, which is now available at http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu.tar.gz, don't go to iPlanet and download PSM, it already comes with the mozilla build now. The PSM from the iPlanet download site does not work with the latest nightly builds. Please delete your last installation and reinstall the build of mozilla that you downloaded.
I am using an installed build, as run by running ./mozilla-installer provided in mozilla-i686-pc-linux-gnu-sea.tar.gz Once that is installed, there IS no psm executable nor psm dir. Is it hidden in some chrome, waiting to be lured out somehow? In that case: how? I deleted/reinstalled and now i just get "connection refused" when trying to go to https sites, both as root and normal user.
sorry: Meant to ask if it's lurking in some jar file but not unpacked by default? It has gotta be there somehow - it used to take 30 minutes downloading it when i ran Debug/Install PSM. Now it would take seconds, so it unpacks from local disk somehow. But how do i force this to happen?
dark@c2i.net: You are not supposed to do "Debug/Install PSM" any more. It should just work "out of the box". The build comments for the Jan 5th nightly say that the .tar.gz has PSM built-in, and when I downloaded that build, unpacked that as a regular user (not as root), and then ran it as that same user, https sites were loading fine without any further action.
Can someone please tell whether the installer-builds are supposed to contain PSM?
Yes it will work as soon as the bug 64649 is fixed.
the tar.gz, non-installer packages have psm included. as the previous comment alludes, the installer needs to be fixed before installer builds have psm.
Status: RESOLVED → VERIFIED
*** Bug 36007 has been marked as a duplicate of this bug. ***
Mass changing Security:Crypto to PSM
Component: Security: Crypto → Client Library
Product: Browser → PSM
Version: other → 2.1
Mass changing Security:Crypto to PSM
Blocks: 116669
Product: PSM → Core
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard