Closed Bug 1098112 Opened 7 years ago Closed 7 years ago
Auto-updates broken on Linux when /tmp is mounted noexec
I've been trying to find out why my Firefox updates weren't working for the last few months (on and off) and finally found the problem: my /tmp is mounted noexec. If I "mount -o remount,exec /tmp" prior to starting Firefox then it all works fine. Given that mounting /tmp in a non-executable way is a recommendation from opsec, I hope we can fix this. I would recommend: 1. detecting this and issuing a warning to point to the cause of the update problems 2. taking advantage of the fact that the installation directory is already executable to run our executables there #1 is important because I've spent months trying to figure out why I was the only one who's updates were broken. #2 would be really nice, but I imagine it's not going to be a priority.
Component: General → Application Update
Product: Firefox → Toolkit
Here's the opsec recommendation I was referring to: https://mana.mozilla.org/wiki/display/SECURITY/System+Security+Policy+Guidelines+for+Linux+systems#SystemSecurityPolicyGuidelinesforLinuxsystems-Mountsettings (I don't know why it's locked away in Mana.)
This is due to the following and other associated code. http://mxr.mozilla.org/mozilla-central/source/toolkit/xre/nsUpdateDriver.cpp#451 I never liked using tmp so I'll take this.
Assignee: nobody → robert.strong.bugs
Status: NEW → ASSIGNED
Pushed to try https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=2fa5c125b097 I'm tempted to remove the removal of the MozUpdater-i dirs in temp but would prefer to do that in a separate bug.
Attachment #8529292 - Flags: review?(netzen)
Also tempted to just use the MozUpdater dir and just use Create instead of CreateUnique but I think this is safer since it should protect against file in use issues on Windows.
try looks good
Comment on attachment 8529292 [details] [diff] [review] patch rev1 Review of attachment 8529292 [details] [diff] [review]: ----------------------------------------------------------------- ::: toolkit/mozapps/update/nsUpdateService.js @@ +1235,5 @@ > var tmpDir = Cc["@mozilla.org/file/directory_service;1"]. > getService(Ci.nsIProperties). > get("TmpD", Ci.nsIFile); > > + // We used to store MozUpdater-i directories ins the temp directory. *in the temp directory
Attachment #8529292 - Flags: review?(netzen) → review+
- Addressed nit. Pushed here: https://hg.mozilla.org/integration/mozilla-inbound/rev/e57c4cf44a6d
Target Milestone: --- → mozilla37
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Francois, could you check that this is now fixed in Nightly? Thanks!
I can confirm that it works: I successfully upgraded from 2014-12-07 to 2014-12-08 with a noexec /tmp. Thanks Robert!
Duplicate of this bug: 791331
You need to log in before you can comment on or make changes to this bug.