Closed Bug 1642577 Opened 2 months ago Closed 1 month ago

Firefox loops if always run as administrator

Categories

(Firefox :: Launcher Process, defect)

76 Branch
defect

Tracking

()

RESOLVED FIXED
Firefox 79
Tracking Status
firefox79 --- fixed

People

(Reporter: drevbw9e7sd1, Assigned: toshi)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Steps to reproduce:

My colleague is using NemID authentication with Firefox and it must be run as administrator in order to work. He want to keep Firefox always run as administrator

  1. Right click on Firefox icon and choose Properties
  2. Go to Compatibility
  3. Check "Run this program as administrator"
  4. Click OK
  5. Launch Firefox

Actual results:

Firefox keeps looping and asking me to allow or not (the UAC dialog box). If i disable UAC, it will keep looping until you uncheck run as administrator

Expected results:

Launch Firefox as administrator without any problems

I was able to reproduce on my computer as well
Our computers are running Windows 10 1909

Hi drevbw9e7sd1,

Thanks for reporting this bug.

I'm afraid I'm unable to test this on my end because I don't have NemID autentication credentials, but as a starting point I'll add this ticket to the Toolkit: Startup and Profile. Hopefully someone from their team will be able to offer their insights into this issue.

Could you confirm which Firefox version are you using? Please also test if this is reproducible in the latest Firefox Nightly version: https://nightly.mozilla.org/

Regards,
Virginia

Component: Untriaged → Startup and Profile System
Flags: needinfo?(drevbw9e7sd1)
Product: Firefox → Toolkit

Aaron, is this a result of bug 1430092?

Flags: needinfo?(aklotz)

Yeah...

Two issues:

  • Why does NemID require Admin? That's... scary.
  • Regardless, we shouldn't degenerate like this.
Component: Startup and Profile System → Launcher Process
Flags: needinfo?(aklotz) → needinfo?(tkikuchi)
Product: Toolkit → Firefox

Thanks, Aaron.

I confirmed the repro. The launcher process must handle AppCompatFlags correctly.

Assignee: nobody → tkikuchi
Flags: needinfo?(tkikuchi)

If the process was elevated due to AppCompatFlags, we should not
use LaunchUnelevated to launch the browser process because it starts
an infinite loop of process launch.

The fix is to make GetElevationState return a new elevation state
if RUNASADMIN is set in AppCompatFlags. With that state, we use
CreateProcessAsUser to launch the browser process.

It's a higher security autentication system installed on the pc, that's why admin right is needed when you need to login in Firefox. I think it's called employee signature or key file in english

I readed the solution on the official site and solved the problem.
https://www.nets.eu/dk-da/kundeservice/medarbejdersignatur/noeglefil/Pages/firefox-68-udfordringer.aspx

Basically, go to about:config and change browser.launcherProcess.enable value to false

Flags: needinfo?(drevbw9e7sd1)

(In reply to drevbw9e7sd1 from comment #7)

It's a higher security autentication system installed on the pc, that's why admin right is needed when you need to login in Firefox. I think it's called employee signature or key file in english

I readed the solution on the official site and solved the problem.
https://www.nets.eu/dk-da/kundeservice/medarbejdersignatur/noeglefil/Pages/firefox-68-udfordringer.aspx

Basically, go to about:config and change browser.launcherProcess.enable value to false

Thank you for sharing it. It's unfortunate that NemID requires the browser process to run as admin.

I'd like to suggest another workaround described in our support page, to launch firefox.exe with the command option -no-deelevate, which also allows you to run the process as admin without the launching loop. I think -no-deelevate is slightly safer because the launcher process is a feature that makes firefox safer and more stable. As Aaron mentioned above, running the browser as admin is still scary though.

My patch above is to stop the launching loop. If it's been shipped, you still need the workarounds to run the process as admin. Sorry for inconvenience.

Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f612d453e009
De-elevate the process with CreateProcessAsUser if the compat flag RUNASADMIN is set.  r=aklotz
Status: UNCONFIRMED → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 79
You need to log in before you can comment on or make changes to this bug.