Closed Bug 1564872 Opened 5 years ago Closed 5 years ago

Firefox does not allow saving to C: anymore

Categories

(Core :: Networking: File, defect)

Product:
Core
Component:
Networking: File
Version:
68 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 1564808
Tracking Flags:
Tracking Status
firefox68 --- affected
firefox69 --- affected
firefox70 --- affected

People

(Reporter: Anders.Ohrt, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Open any page, press Ctrl-S, select C:, press Save.

Actual results:

I get the error message (paraphrased from Swedish): Client missing a necessary priviledge.

Expected results:

It should just save to C:. Firefox 67 did before I upgraded, earlier today.

I've also tried it on my other computer with the same result.

Also, when I have the default download folder set to C:, any attempted download fails immediately. If I have it set to C:\Downloads, all downloads work as they should.

And before anyone asks; yes, I have write permission to C:. =)

Hi Andres,

Thanks for the details. I was able to reproduce the bug on the following versions:

release 68.0 (64-bit), nightly 70.0a1 (2019-07-15) (64-bit) and Beta 69.0b4 (64-bit).

I've chosen a component. If you consider that there's another component that's more proper for this case you may change it.

However, I find it weird that you were able to do this with firefox before since Chrome doesn't allow it and I can't save a .txt there either. Let's see what the devs say.

Best regards, Flor.

Status: UNCONFIRMED → NEW
status-firefox68: --- → affected
status-firefox69: --- → affected
status-firefox70: --- → affected
Component: Untriaged → Networking: FTP
Ever confirmed: true
Product: Firefox → Core
Component: Networking: FTP → Networking: File

Hi Florencia,

I can save to C: with Chrome, and all other applications (except Firefox since 68). I do have UAC turned off, which is probably why I can save there and you cannot.

Hi Anders,

I tried on two different computers with Windows 10, both with UAC turned off and a reboot in between but I wasn't able to save anything on C, either with chrome or firefox. But maybe you can provide me with a bit more info.

Can you please download Firefox Nightly from here: https://nightly.mozilla.org/ and retest the problem and see if the issue still occurs there as well?
Does this issue occur with a fresh profile? you can find the steps here: https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles?redirectlocale=en-US&redirectslug=Managing-profiles#w_starting-the-profile-manager.

Thanks in advance, Flor.

Flags: needinfo?(Anders.Ohrt)

Hi Flor,

I tried with Nightly and with a flesh profile in 68, both have the same problem.

You do need to run with an account that has write access to C: to test this. My account has administrative privileges, if you are testing with a usual account you will probably not be able to save to C:.

Flags: needinfo?(Anders.Ohrt)

Hi Anders,

Now yes! I had to turn off the UAC, run the explorer as administrator and now I was able to save on C with chrome but not with firefox. Thanks for the patience. We'll await the answer of the DEVs.

Best regards, Flor.

Are you trying to save in the root - aka to c:\? If yes, then it's forbidden for user space applications. If you are trying to store to a subdirectory on c:\ that has write permission for the user you run Firefox for, then it would be weird. Because that's something that definitely works.

Flags: needinfo?(Anders.Ohrt)

Hi Honza,

Yes, I'm trying to save to the root. This stopped working in Firefox 68, all earlier versions could. And it works in all other user space applications (Chrome, Notepad, Word, etc). Note that I'm running without UAC and as administrator.

Flags: needinfo?(Anders.Ohrt)

Thanks, then this is a WONTFIX as this depends on the system, not Firefox. Testing this with e.g. Total Commander, Chrome - I'm not allowed to save to c root.

I think the reason is that if you run all other software (like Chrome) as admin, you have the access to the c root. The difference probably is that the main process of Firefox is now running w/o admin rights, because we have added a launcher process (which spawn the main process) that removes administrator rights.

Running applications as admin is very strongly discouraged, in general.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX

Hi Honza,

I understand your viewpoint and the technical reason, but this does no "depend on the system". It's definitely a Firefox regressions, and it's breaking a workflow I've had for over 10 years (Firefox 3.x).

All other applications handles this correctly, it's only Firefox since 68 that does not. My system is set up so I have write permissions to C:, Firefox should respect that like all other applications does.

Looks like we have enabled the launcher process in 64, not 68 (adding Aaron to verify).

Anders, let me clarify: you changed permissions for the C:\ root to allow any authenticated users (which doesn't mean admins!) have a write permission?

No, the permissions for my C:\ root is as follows (paraphrased from Swedish):
Administrators: Full access. This folder, sub folders and files
SYSTEM: Full access. This folder, sub folders and files
Users: Read and Execute. This folder, sub folders and files
Authenticated users: Change. Only sub folders and files
Authenticated users: Create folders / add data. This Folder only.

The account I'm using is a member of the Administrators group, and therefore has full access to C:.

(In reply to Anders Öhrt from comment #12)

No, the permissions for my C:\ root is as follows (paraphrased from Swedish):
Administrators: Full access. This folder, sub folders and files
SYSTEM: Full access. This folder, sub folders and files
Users: Read and Execute. This folder, sub folders and files
Authenticated users: Change. Only sub folders and files
Authenticated users: Create folders / add data. This Folder only.

The account I'm using is a member of the Administrators group, and therefore has full access to C:.

Being a member doesn't mean it has admin rights per se. It may ask for them (user gets the popup to confirm) e.g. when you run an application as admin.

Actually, being a member does mean it has admin right, that's the whole idea with having an Administrators group. And as I've written above, I have UAC disabled so I never get any popups to confirm anything.

I don't understand what you are arguing here. Do you think that my account does not have write access to C:? If so you are mistakes, as Firefox 67 and earlier happily wrote there and all other applications I run does.

If I view the effective permissions for C:\ for my account, I have these:
Full control
Traverse folder / execute file
List folders / read data
Read Attributes
Read extended attributes
Create files / write data
Create folders / append data
Write attributes
Write extended attributes
Delete subfolders
Delete
Read permissions
Change permissions
Take ownership

The process running under a user in the admin group must ask for admin access explicitly or be running as admin explicitly (the "Run as Administrator" thing).

That is controlled by group policy, and I have disabled the need to ask for explicit permission.

I still don't understand what your point is, I do have the necessary permissions.

To be exact I think that even with UAC off processes still have to explicitly ask for admin tokens or be launched as admin "by hand" or by manifest/properties changes. No deeper expert on this stuff tho. Asking some more people below.

Aaron, any idea what we might have changed according how the parent (main) process is launched that could cause this regression?

Leaving as WONTFIX, because I don't think we want to change anything here, but we may at least find a suitable workaround (preference or env var to set).

Flags: needinfo?(aklotz)

By default, the launcher process drops Firefox's integrity level to Medium, so even with UAC disabled, Firefox would be seen by the OS as having lesser permissions than full administrator.

While re-enabling UAC is the best solution to this, I also understand that some users have their reasons.

If you absolutely want to leave UAC off but still have Firefox able to obtain write access to sensitive areas of your file system, you will need to start Firefox with the -no-deelevate command line option.

Flags: needinfo?(aklotz)
Resolution: WONTFIX → DUPLICATE

Hi Aaron,

Thanks, that solved the issue for me!

Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.