Closed Bug 1258770 Opened 8 years ago Closed 5 years ago

Cannot update (using background service) firefox from non-admin windows xp account

Categories

(Toolkit :: Application Update, defect)

Product:
Toolkit
Component:
Application Update
Version:
43 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: bogiebog, Unassigned)

Details

Attachments

(1 file)

ff-01.jpg
11.21 KB, image/jpeg
Details
Attached image ff-01.jpg 
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160315153207

Steps to reproduce:

Windows XP SP3  PL 32bit
Fresh installation of firefox
- uninstall FF, uninstall Maint service, delete HKLM mozilla, delete C:/program files/*mozilla*
- download Firefox Setup 43.0.exe  PL
- as admin account, install, no errors,
- run FF as non-admin account
- verify the "automatic updates" and "use background service" are check in config
- Help/About, press [restart to update]
- got error ff-01.jpg


Actual results:

- After FF restart dialog box comes up ff-01.jpg with an error (see attachment), I verified using procexp.exe that no other instances of firefox.exe are running.
- 0/Update.log reports permissions problem (error 5)
- procmon.exe shows the updater.exe attempts 10 times access to firefox.exe (as non-admin user)
- procmon.exe dooes not show the maintenanceservice.exe is started. From non-admin user I can run "sc start mozillamaintenance" and procmon shows maintenanceservice.exe started.
- non-admin has no privileges to C:/program files, maint service should do this as SYSTEM, but the service not started by updater.exe
- on FF restart, procmon.exe shows that updater.exe is run with following args
"C:\Program Files\Mozilla Firefox\updater.exe" "C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0" "C:\Program Files\Mozilla Firefox" "C:\Program Files\Mozilla Firefox" 2152 "C:\Program Files\Mozilla Firefox" "C:\Program Files\Mozilla Firefox\firefox.exe"

- o/update.status  has "pending" word in it

0/update.log
PATCH DIRECTORY C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0
INSTALLATION DIRECTORY C:\Program Files\Mozilla Firefox
WORKING DIRECTORY C:\Program Files\Mozilla Firefox
NS_main: callback app file open attempt 1 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 2 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 3 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 4 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 5 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 6 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 7 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 8 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 9 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 10 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file in use, failed to exclusively open executable file: C:\Program Files\Mozilla Firefox\firefox.exe

- from non-admin account, from cmd.exe I tried running  
"C:\Program Files\Mozilla Firefox\updater.exe" "C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0" "C:\Program Files\Mozilla Firefox" "C:\Program Files\Mozilla Firefox" 2152 "C:\Program Files\Mozilla Firefox" "C:\Program Files\Mozilla Firefox\firefox.exe"
but I get ff-01.jpg error.

Is there any debug options to updater to see why not using maint service to update ?

- I set  app.update.log=true  (in about:config)
- the FF console log after restart contains
Could not read chrome manifest 'file:///C:/Program%20Files/Mozilla%20Firefox/chrome.manifest'.
UTM:SVC TimerManager:registerTimer - id: xpi-signature-verification
While creating services from category 'profile-after-change', could not create service for entry 'Sapi Speech Synth', contract ID '@mozilla.org/synthsapi;1'
AUS:SVC Creating UpdateService
AUS:SVC gCanCheckForUpdates - able to check for updates
AUS:SVC isServiceInstalled = true
AUS:SVC getCanApplyUpdates - bypass the write checks because we'll use the service
AUS:SVC getCanApplyUpdates - able to apply updates
AUS:SVC readStatusFile - status: failed: 35, path: C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status
Get a connection to permissions.sqlite.
UTM:SVC TimerManager:registerTimer - id: browser-cleanup-thumbnails
AUS:SVC isServiceInstalled = true
AUS:SVC getCanApplyUpdates - bypass the write checks because we'll use the service
AUS:SVC getCanApplyUpdates - able to apply updates
AUS:SVC isServiceInstalled = true
AUS:SVC getCanStageUpdates - able to stage updates using the service
AUS:SVC isServiceInstalled = true
AUS:SVC getLocale - getting locale from file: resource://gre/update.locale, locale: pl
AUS:SVC Checker:getUpdateURL - update URL: https://aus5.mozilla.org/update/3/Firefox/43.0/20151208100201/WINNT_x86-msvc-x86/pl/release/Windows_NT%205.1.3.0%20(x86)/default/default/update.xml
AUS:SVC Checker: checkForUpdates, force: false
AUS:SVC Checker:getUpdateURL - update URL: https://aus5.mozilla.org/update/3/Firefox/43.0/20151208100201/WINNT_x86-msvc-x86/pl/release/Windows_NT%205.1.3.0%20(x86)/default/default/update.xml
AUS:SVC Checker:checkForUpdates - sending request to: https://aus5.mozilla.org/update/3/Firefox/43.0/20151208100201/WINNT_x86-msvc-x86/pl/release/Windows_NT%205.1.3.0%20(x86)/default/default/update.xml
AUS:SVC Checker:onLoad - request completed downloading document
AUS:SVC Checker:getUpdateURL - update URL: https://aus5.mozilla.org/update/3/Firefox/43.0/20151208100201/WINNT_x86-msvc-x86/pl/release/Windows_NT%205.1.3.0%20(x86)/default/default/update.xml
AUS:SVC Checker:onLoad - number of updates available: 1
Zdarzenie naciśnięcia klawisza jest niedostępne przy niektórych układach klawiatury: key="c" modifiers="accel,alt" browser.xul
Zdarzenie naciśnięcia klawisza jest niedostępne przy niektórych układach klawiatury: key="i" modifiers="accel,alt,shift" browser.xul
1458668960924	Services.HealthReport.HealthReporter	WARN	Saved state file does not exist.
OS: Unspecified → Windows XP
Hardware: Unspecified → x86
Component: Untriaged → Application Update
Product: Firefox → Toolkit
Thanks for the detailed report. I tried to replicate this issue myself and I wasn't able to; the non-admin user gets the normal update sequence for me. Would you be able to try again but with a more recent version than 43.0? Even the last point release of 43, 43.0.4, would work. I ask because there were some specific changes in 43.0.1 and 43.0.2 (bug 1079858) that could be causing problems with trying to use the maintenance service.
Flags: needinfo?(bogiebog)
Same error when upgrading from 44.0.2
I do have other XP systems where everthing works as expected

Windows XP SP3 Professional  (OEM)
- uninstalled everthing mozilla as described above
- installed 44.0.2,  
- verified Maint service can be started from non-admin account
- as non-admin started firefox, help/about, wait for [restart ] button to appear
- collected console logs (part1)
- pushed help/about [restart]
- got same error
- collected console logs (part2)

- tried serveral times restarting firefox, same errors dialog box comes up

============ updates/0/update.log
PATCH DIRECTORY C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0
INSTALLATION DIRECTORY C:\Program Files\Mozilla Firefox
WORKING DIRECTORY C:\Program Files\Mozilla Firefox
NS_main: callback app file open attempt 1 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 2 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 3 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 4 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 5 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 6 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 7 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 8 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 9 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file open attempt 10 failed. File: C:\Program Files\Mozilla Firefox\firefox.exe. Last error: 5
NS_main: callback app file in use, failed to exclusively open executable file: C:\Program Files\Mozilla Firefox\firefox.exe


============part1 logs
Could not read chrome manifest 'file:///C:/Program%20Files/Mozilla%20Firefox/chrome.manifest'.
UTM:SVC TimerManager:registerTimer - id: xpi-signature-verification
While creating services from category 'profile-after-change', could not create service for entry 'Sapi Speech Synth', contract ID '@mozilla.org/synthsapi;1'
UTM:SVC TimerManager:registerTimer - id: browser-cleanup-thumbnails
Zdarzenie naciśnięcia klawisza jest niedostępne przy niektórych układach klawiatury: key="c" modifiers="accel,alt" browser.xul
Zdarzenie naciśnięcia klawisza jest niedostępne przy niektórych układach klawiatury: key="i" modifiers="accel,alt,shift" browser.xul
1458754541342	Services.HealthReport.HealthReporter	WARN	Saved state file does not exist.
AUS:SVC Creating UpdateService
AUS:SVC gCanCheckForUpdates - able to check for updates
AUS:SVC UpdateManager:_loadXMLFileIntoArray: XML file does not exist
AUS:SVC Checker: checkForUpdates, force: true
AUS:SVC Checker:getUpdateURL - update URL: https://aus5.mozilla.org/update/3/Firefox/44.0.2/20160210153822/WINNT_x86-msvc-x86/pl/release/Windows_NT%205.1.3.0%20(x86)/default/default/update.xml?force=1
AUS:SVC Checker:checkForUpdates - sending request to: https://aus5.mozilla.org/update/3/Firefox/44.0.2/20160210153822/WINNT_x86-msvc-x86/pl/release/Windows_NT%205.1.3.0%20(x86)/default/default/update.xml?force=1
AUS:SVC Checker:onLoad - request completed downloading document
AUS:SVC Checker:getUpdateURL - update URL: https://aus5.mozilla.org/update/3/Firefox/44.0.2/20160210153822/WINNT_x86-msvc-x86/pl/release/Windows_NT%205.1.3.0%20(x86)/default/default/update.xml?force=1
AUS:SVC Checker:onLoad - number of updates available: 1
AUS:SVC isServiceInstalled = true
AUS:SVC getCanApplyUpdates - bypass the write checks because we'll use the service
AUS:SVC getCanApplyUpdates - able to apply updates
AUS:SVC Creating Downloader
AUS:SVC UpdateService:_downloadUpdate
AUS:SVC readStringFromFile - file doesn't exist: C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status
AUS:SVC readStatusFile - status: null, path: C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status
AUS:SVC UpdateManager:_loadXMLFileIntoArray: XML file does not exist
AUS:SVC Downloader:downloadUpdate - downloading from http://download.mozilla.org/?product=firefox-45.0.1-complete&os=win&lang=pl&force=1 to C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0\update.mar
AUS:SVC Downloader:onStartRequest - original URI spec: http://download.mozilla.org/?product=firefox-45.0.1-complete&os=win&lang=pl&force=1, final URI spec: http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pl/firefox-45.0.1.complete.mar
AUS:SVC Downloader:onProgress - progress: 43006/52649302
.....
AUS:SVC Downloader:onProgress - progress: 52649302/52649302
AUS:SVC Downloader:onStopRequest - original URI spec: http://download.mozilla.org/?product=firefox-45.0.1-complete&os=win&lang=pl&force=1, final URI spec: http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pl/firefox-45.0.1.complete.mar, status: 0
AUS:SVC Downloader:onStopRequest - status: 0, current fail: 0, max fail: 10, retryTimeout: 2000
AUS:SVC Downloader:_verifyDownload called
AUS:SVC Downloader:_verifyDownload downloaded size == expected size.
AUS:SVC isServiceInstalled = true
AUS:SVC Downloader:onStopRequest - setting state to: pending-service
AUS:SVC isServiceInstalled = true
AUS:SVC getCanStageUpdates - able to stage updates using the service
AUS:SVC isServiceInstalled = true
AUS:SVC getCanStageUpdates - able to stage updates using the service
AUS:SVC Downloader:onStopRequest - attempting to stage update: Firefox 45.0.1
AUS:SVC readStatusFile - status: applied, path: C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status
AUS:SVC isServiceInstalled = true
AUS:SVC UpdateManager:refreshUpdateStatus - Notifying observers that the update was staged. state: applied-service, status: applied


===========-part2 logs
Could not read chrome manifest 'file:///C:/Program%20Files/Mozilla%20Firefox/chrome.manifest'.
UTM:SVC TimerManager:registerTimer - id: xpi-signature-verification
While creating services from category 'profile-after-change', could not create service for entry 'Sapi Speech Synth', contract ID '@mozilla.org/synthsapi;1'
AUS:SVC Creating UpdateService
AUS:SVC gCanCheckForUpdates - able to check for updates
AUS:SVC isServiceInstalled = true
AUS:SVC getCanApplyUpdates - bypass the write checks because we'll use the service
AUS:SVC getCanApplyUpdates - able to apply updates
AUS:SVC readStatusFile - status: failed: 35, path: C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status
UTM:SVC TimerManager:registerTimer - id: browser-cleanup-thumbnails
Zdarzenie naciśnięcia klawisza jest niedostępne przy niektórych układach klawiatury: key="c" modifiers="accel,alt" browser.xul
Zdarzenie naciśnięcia klawisza jest niedostępne przy niektórych układach klawiatury: key="i" modifiers="accel,alt,shift" browser.xul
Flags: needinfo?(bogiebog)
Running/Starging maint service from command line (non-admin) user works and updates the FF

sc start MozillaMaintenance "MozillaMaintenance" "software-update" "C:\Program Files\Mozilla Firefox\updater.exe" "C:\Documents and Settings\non-admin\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Mozilla Firefox\updates\0" "C:\Program Files\Mozilla Firefox" "C:\Program Files\Mozilla Firefox" 2040 "C:\Program Files\Mozilla Firefox" "C:\Program Files\Mozilla Firefox\firefox.exe"

So the question is why the updater.exe is not using/calling update  through service ?
windbg updater.exe with mozilla symbol/source servers.
source file toolkit\mozapps\update\updater\updater.cpp

CreateFileW() to C:\program files\mozilla firefox\firefox.update_in_progress.lock successds and effectively disables launch of service update  (updateLockFileHandle  is valid handle)

>    if (updateLockFileHandle == INVALID_HANDLE_VALUE ||
>        (useService && testOnlyFallbackKeyExists && noServiceFallback)) {
>
>   if(useService)
>        DWORD ret = LaunchServiceSoftwareUpdateCommand(argc, (LPCWSTR *)argv);
>
> }

Cause: hacked permission for Users built-in group that allow Users to create files in C:\program files\ and subdirs, but not delete/rename files.

Hmmmm... weird updater.exe logic
IMO if the "use service to update is checked" the updater should should unconditionally use the service in 1st place before doing any probing 'hmmm... can we may be do the update w/o service lauch ?', but this is only my two cents.

More logging to update.log (this dont need to be optimized so one could be generous with detailing update progress to the log) would help to troubleshoot updates problems. 

On my other Win 7 computer I remember seeing exactly same problem so this is not Win XP specific.
Allowing the service to apply updates where the user can already write to opens up an avenue where malware can fool the process and potentially exploit the machine.

This is an edgecase which the vast majority of users will never see it.
I dont follow this 
The Maint Service verifies signagures of updater.exe so it will not launch any malware.

Can you please describe specific scenario in which 'non-admin-with-write-privs-to-ff-inst-dir' launching updater.exe is more dangerous than 'non-admin-WITHOUT-write-privs-to-ff-inst-dir' launching updater.exe
We've had several security issues come up that were unforeseen and have tightened down the cases where we use the service because of those. If it were possible to replace a file then repeatedly launching the service it might be possible to launch the helper.exe which is launched after updating elevated.

For this edgecase the better solution would be to remove write access.
At most we *might* change the logic to fallback to not using the maintenance service for this case and instead request elevation though doing so would be a low priority since this is an extreme edgecase and there are plenty of bugs that would improve things for the majority of users.
Personally I would welcome more detailed entries in the update.log that would 'explain' why the maint service was not launched and otherwise help troubleshoot similar issues.

I understand there are more serious stuff to on the fix list.

cheers.
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: