Closed
Bug 1098112
Opened 11 years ago
Closed 11 years ago
Auto-updates broken on Linux when /tmp is mounted noexec
Categories
(Toolkit :: Application Update, defect)
Toolkit
Application Update
Tracking
()
RESOLVED
FIXED
mozilla37
People
(Reporter: francois, Assigned: robert.strong.bugs)
References
Details
Attachments
(1 file)
|
7.55 KB,
patch
|
bbondy
:
review+
|
Details | Diff | Splinter Review |
I've been trying to find out why my Firefox updates weren't working for the last few months (on and off) and finally found the problem: my /tmp is mounted noexec.
If I "mount -o remount,exec /tmp" prior to starting Firefox then it all works fine.
Given that mounting /tmp in a non-executable way is a recommendation from opsec, I hope we can fix this.
I would recommend:
1. detecting this and issuing a warning to point to the cause of the update problems
2. taking advantage of the fact that the installation directory is already executable to run our executables there
#1 is important because I've spent months trying to figure out why I was the only one who's updates were broken.
#2 would be really nice, but I imagine it's not going to be a priority.
|
||
Updated•11 years ago
|
Component: General → Application Update
Product: Firefox → Toolkit
|
Reporter | |
Comment 1•11 years ago
|
||
Here's the opsec recommendation I was referring to:
https://mana.mozilla.org/wiki/display/SECURITY/System+Security+Policy+Guidelines+for+Linux+systems#SystemSecurityPolicyGuidelinesforLinuxsystems-Mountsettings
(I don't know why it's locked away in Mana.)
|
Assignee | |
Comment 2•11 years ago
|
||
This is due to the following and other associated code.
http://mxr.mozilla.org/mozilla-central/source/toolkit/xre/nsUpdateDriver.cpp#451
I never liked using tmp so I'll take this.
Assignee: nobody → robert.strong.bugs
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 3•11 years ago
|
||
Pushed to try
https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=2fa5c125b097
I'm tempted to remove the removal of the MozUpdater-i dirs in temp but would prefer to do that in a separate bug.
Attachment #8529292 -
Flags: review?(netzen)
|
|
Assignee | |
Comment 4•11 years ago
|
||
Also tempted to just use the MozUpdater dir and just use Create instead of CreateUnique but I think this is safer since it should protect against file in use issues on Windows.
|
|
Assignee | |
Comment 5•11 years ago
|
||
try looks good
|
||
Comment 6•11 years ago
|
||
Comment on attachment 8529292 [details] [diff] [review]
patch rev1
Review of attachment 8529292 [details] [diff] [review]:
-----------------------------------------------------------------
::: toolkit/mozapps/update/nsUpdateService.js
@@ +1235,5 @@
> var tmpDir = Cc["@mozilla.org/file/directory_service;1"].
> getService(Ci.nsIProperties).
> get("TmpD", Ci.nsIFile);
>
> + // We used to store MozUpdater-i directories ins the temp directory.
*in the temp directory
Attachment #8529292 -
Flags: review?(netzen) → review+
|
|
||
Comment 7•11 years ago
|
||
- Addressed nit.
Pushed here:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e57c4cf44a6d
Target Milestone: --- → mozilla37
|
|
||
Comment 8•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 9•11 years ago
|
||
Francois, could you check that this is now fixed in Nightly? Thanks!
Flags: needinfo?(francois)
|
|
Reporter | |
Comment 10•11 years ago
|
||
I can confirm that it works: I successfully upgraded from 2014-12-07 to 2014-12-08 with a noexec /tmp.
Thanks Robert!
Flags: needinfo?(francois)
You need to log in
before you can comment on or make changes to this bug.
Description
•