Closed Bug 1098112 Opened 7 years ago Closed 7 years ago

Auto-updates broken on Linux when /tmp is mounted noexec


(Toolkit :: Application Update, defect)

Not set





(Reporter: francois, Assigned: robert.strong.bugs)




(1 file)

I've been trying to find out why my Firefox updates weren't working for the last few months (on and off) and finally found the problem: my /tmp is mounted noexec.

If I "mount -o remount,exec /tmp" prior to starting Firefox then it all works fine.

Given that mounting /tmp in a non-executable way is a recommendation from opsec, I hope we can fix this.

I would recommend:

1. detecting this and issuing a warning to point to the cause of the update problems
2. taking advantage of the fact that the installation directory is already executable to run our executables there

#1 is important because I've spent months trying to figure out why I was the only one who's updates were broken.

#2 would be really nice, but I imagine it's not going to be a priority.
Component: General → Application Update
Product: Firefox → Toolkit
This is due to the following and other associated code.

I never liked using tmp so I'll take this.
Assignee: nobody → robert.strong.bugs
Attached patch patch rev1Splinter Review
Pushed to try

I'm tempted to remove the removal of the MozUpdater-i dirs in temp but would prefer to do that in a separate bug.
Attachment #8529292 - Flags: review?(netzen)
Also tempted to just use the MozUpdater dir and just use Create instead of CreateUnique but I think this is safer since it should protect against file in use issues on Windows.
try looks good
Comment on attachment 8529292 [details] [diff] [review]
patch rev1

Review of attachment 8529292 [details] [diff] [review]:

::: toolkit/mozapps/update/nsUpdateService.js
@@ +1235,5 @@
>      var tmpDir = Cc[";1"].
>                   getService(Ci.nsIProperties).
>                   get("TmpD", Ci.nsIFile);
> +    // We used to store MozUpdater-i directories ins the temp directory.

*in the temp directory
Attachment #8529292 - Flags: review?(netzen) → review+
- Addressed nit.

Pushed here:
Target Milestone: --- → mozilla37
Closed: 7 years ago
Resolution: --- → FIXED
Francois, could you check that this is now fixed in Nightly? Thanks!
Flags: needinfo?(francois)
I can confirm that it works: I successfully upgraded from 2014-12-07 to 2014-12-08 with a noexec /tmp.

Thanks Robert!
Flags: needinfo?(francois)
Duplicate of this bug: 791331
You need to log in before you can comment on or make changes to this bug.