Bug 1255590: Allow unsigned addons in /usr/{lib,share}/mozilla/extensions

Status: VERIFIED FIXED (Closed)
Opened 8 years ago, closed 8 years ago
Categories: Toolkit :: Add-ons Manager, defect
Target Milestone: mozilla48

 | Tracking | Status
---|---|---
firefox48 | --- | verified

People: Reporter: glandium, Assigned: glandium

Attachments (2 files):
- patch, 2.27 KB
- text/x-review-board-request, 58 bytes (mossop: review+)

On non-OSX unix, the addon manager picks addons from /usr/{lib,share}/mozilla/extensions. Those are behind the XRE_SYS_LOCAL_EXTENSION_PARENT_DIR and XRE_SYS_SHARE_EXTENSION_PARENT_DIR DirectoryService keys.

On typical non-OSX unix systems, these directories are handled by package managers, and on typical Linux distros, package maintainers have created packages for popular addons. This obviously all breaks with addon signature requirements.

But since those directories are only accessible to root, lifting the signature requirement poses no additional threat. If malware has root, it installing Firefox addons is the least of the user's problems.

The attached patch is what I'm using on Debian to make those package-manager-installed addons not require a signature.

Note that on OSX, XRE_SYS_LOCAL_EXTENSION_PARENT_DIR does return something, and it might not be desirable to use it because the permissions model on OSX may be allowing third party apps to copy files in there. Not sure how to exclude OSX properly to make the last mile.

Updated (by assignee) • 8 years ago
Flags: needinfo?(dtownsend)

Comment 1 • 8 years ago
I'm going to defer this to Kev as product manager to make the call here but this seems reasonable to me
Flags: needinfo?(dtownsend) → needinfo?(kev)

Comment 2 • 8 years ago
Approved. This has been discussed, and it's a reasonable approach for addons that a user/sysadmin wants to install explicitly. The expectation is that public distributions that include Firefox will not include addons in this directory by default.
Flags: needinfo?(kev)

Comment 3 (Assignee) • 8 years ago
Now that things are cleared, any idea about the last sentence in comment 0?
Flags: needinfo?(dtownsend)

Comment 4 • 8 years ago
(In reply to Mike Hommey [:glandium] from comment #3)
> Now that things are cleared, any idea about the last sentence in comment 0?

Checking nsIXULRuntime.OS I guess
Flags: needinfo?(dtownsend)

Comment 5 (Assignee) • 8 years ago
OS.Constants.Sys.Name maybe?

Comment 6 • 8 years ago
(In reply to Mike Hommey [:glandium] from comment #5)
> OS.Constants.Sys.Name maybe?

That's just an indirect way of getting nsIXULRuntime.OS:
https://dxr.mozilla.org/mozilla-central/source/dom/system/OSFileConstants.cpp#899

Comment 7 (Assignee) • 8 years ago
(In reply to Dave Townsend [:mossop] from comment #6)
> (In reply to Mike Hommey [:glandium] from comment #5)
> > OS.Constants.Sys.Name maybe?
>
> That's just an indirect way of getting nsIXULRuntime.OS:
> https://dxr.mozilla.org/mozilla-central/source/dom/system/OSFileConstants.cpp#899

I know, but that's less xpcom-boilerplate-y.

Comment 8 • 8 years ago
(In reply to Mike Hommey [:glandium] from comment #7)
> (In reply to Dave Townsend [:mossop] from comment #6)
> > (In reply to Mike Hommey [:glandium] from comment #5)
> > > OS.Constants.Sys.Name maybe?
> >
> > That's just an indirect way of getting nsIXULRuntime.OS:
> > https://dxr.mozilla.org/mozilla-central/source/dom/system/OSFileConstants.cpp#899
>
> I know, but that's less xpcom-boilerplate-y.

Services.appInfo.OS!

Comment 9 (Assignee) • 8 years ago
Review commit: https://reviewboard.mozilla.org/r/42753/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/42753/
Attachment #8735371 - Flags: review?(dtownsend)

Comment 10 • 8 years ago
Comment on attachment 8735371 [details]
MozReview Request: Bug 1255590 - Allow unsigned addons in /usr/{lib,share}/mozilla/extensions. r?mossop

https://reviewboard.mozilla.org/r/42753/#review39495

These tests are getting messy :(
Attachment #8735371 - Flags: review?(dtownsend) → review+

Comment 12 • 8 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/cdb91f4483be
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox48: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48

Updated • 8 years ago
Assignee: nobody → mh+mozilla

Comment 13 • 8 years ago
I was unable to verify this issue on Firefox 51.0a1 (2016-08-18) under Ubuntu 14.04 32-bit. I’ve tried to install several add-ons in /usr/lib/mozilla/extensions running the following steps http://askubuntu.com/questions/73474/how-to-install-firefox-addon-from-command-line-in-scripts but the add-ons are not displayed in Add-ons Manager. The only add-on that appears in Firefox is the default Ubuntu add-on http://i.imgur.com/mRuvFoZ.png which can be enabled without the META-INF folder.

Dave, could you please provide some reliable steps in order to verify this bug?
Flags: needinfo?(dtownsend)

Comment 14 • 8 years ago
(In reply to Vasilica Mihasca, QA [:vasilica_mihasca] from comment #13)
> I was unable to verify this issue on Firefox 51.0a1 (2016-08-18) under
> Ubuntu 14.04 32-bit. I’ve tried to install several add-ons in
> /usr/lib/mozilla/extensions running the following steps
> http://askubuntu.com/questions/73474/how-to-install-firefox-addon-from-command-line-in-scripts
> but the add-ons are not displayed in Add-ons Manager.

These steps are extremely outdated, please ignore them. You need to follow the instructions here: https://developer.mozilla.org/en-US/Add-ons/Installing_extensions and put the extension in /usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/<extension id>.xpi (substitute lib for lib64 on 64-bit builds).
Flags: needinfo?(dtownsend)

Comment 15 • 8 years ago
(In reply to Dave Townsend [:mossop] from comment #14)
> These steps are extremely outdated, please ignore them. You need to follow
> the instructions here:
> https://developer.mozilla.org/en-US/Add-ons/Installing_extensions and put
> the extension in
> /usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/<extension id>.xpi
> (substitute lib for lib64 on 64-bit builds).

Thanks Dave for the additional information!

I was able to reproduce the initial issue on Firefox 45 (20160303134406) under Ubuntu 14.04 32-bit.

Verified fixed on Firefox 51.0a1 (2016-08-24), Firefox 50.0a2 (2016-08-24), Firefox 49 beta 6 (20160822111414) and Firefox 48.0.1 (20160817112116) under Ubuntu 14.04 32-bit. The unsigned add-ons/webextensions installed via /usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/<extension id>.xpi are successfully enabled in Addons Manager.
Status: RESOLVED → VERIFIED
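
The description's argument rests on these directories being changeable only by root, and comment 14 gives the path layout. As an added example (not part of the bug thread or the Mozilla patch), here is a shell check an administrator could run to list what is installed there and confirm nothing in the tree can be modified by a non-root user; the function names and the optional expected-UID argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit the system-wide extension directories from this bug.
# Paths come from the thread; the function names and the EXPECTED_UID
# parameter are assumptions of this sketch.

# Print every path under DIR that is not owned by EXPECTED_UID (default 0,
# root) or that is writable by group or others. Symlinks are followed
# (find -L) so a packaged add-on linked in from elsewhere is checked at its
# target; parent directories above DIR and above link targets are not checked.
# Returns 0 when the tree is clean or absent, 1 when anything is reported.
audit_ext_tree() {
    dir=$1
    uid=${2:-0}
    [ -d "$dir" ] || return 0
    bad=$(find -L "$dir" \( ! -user "$uid" -o -perm -020 -o -perm -002 \) \
          -print 2>/dev/null)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# List the add-on entries (one level below each application-ID directory)
# that the add-ons manager would pick up from DIR.
list_ext_entries() {
    [ -d "$1" ] || return 0
    find "$1" -mindepth 2 -maxdepth 2 -print 2>/dev/null
}

# Audit every location named in the thread (lib64 per comment 14).
audit_all() {
    rc=0
    for d in /usr/lib/mozilla/extensions /usr/lib64/mozilla/extensions \
             /usr/share/mozilla/extensions; do
        echo "== $d: installed entries"
        list_ext_entries "$d"
        echo "== $d: paths a non-root user could change"
        audit_ext_tree "$d" || rc=1
    done
    return $rc
}

# Run against the real system only when asked: sh audit.sh --system
case "${1:-}" in --system) audit_all ;; esac
```

Any path printed under the second heading means the "root only" assumption does not hold on that machine for an add-on that Firefox 48 and later will load without a signature.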