Open Bug 1899701 Opened 4 months ago Updated 3 months ago

[snap] Access to file denied if not owner but in correct group

Categories

(Firefox Build System :: Third Party Packaging, defect, P3)

Firefox 126
Desktop
Linux
defect

Tracking

(firefox126 affected)

Tracking Status
firefox126 --- affected

People

(Reporter: mathieualbi33, Assigned: bandali)

References

(Blocks 2 open bugs)

Details

(Keywords: snap)

Attachments

(1 file)

49 bytes, text/x-github-pull-request

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Steps to reproduce:

  • Using firefox 126.0.1 snap on Ubuntu 22.04
  • Create a file in user home directory
  • Change owner of the file but keep the group untouched
  • Open the file with firefox
echo "test" > ~/test.txt
sudo chown root ~/test.txt
firefox ~/test.txt

Real world scenario is opening a PDF file I do not own but I'm part of the file group that has read access. Actual workaround is to not use firefox to open such PDF.

Actual results:

Firefox displays an error message:
"Access to the file was denied
The file at /home/user/test.txt is not readable.
It may have been removed, moved, or file permissions may be preventing access.
"

Expected results:

The user is part of the group of the same name, so it should have access to the file even if it is not the owner. The access should be according to the read access for the group, as ls -l ~/test.txt gives -rw-rw-r-- 1 root user 5 mai 30 10:40 test.txt. Opening the file with nano or gedit, for example, works as expected.

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core
Component: Widget: Gtk → File Handling
OS: Unspecified → Linux
Product: Core → Firefox
Hardware: Unspecified → Desktop

I can confirm that a snap-installed Firefox v126.0.1 will not open a text file created in the user's home directory with a changed owner of the file but the group kept untouched. The steps in comment 0 were used to reproduce in Ubuntu 22.
Thank you for your report!

Status: UNCONFIRMED → NEW
Ever confirmed: true

This looks like a snap problem to me; either way it's not a Firefox frontend issue that the OS wrappers from XPCOM claim we cannot access the file.

Blocks: snap
Component: File Handling → XPCOM
Flags: needinfo?(lissyx+mozillians)
Product: Firefox → Core

Can you confirm you are having the issue with firefox ~/test.txt? I'm wondering if it has anything to do with ownership at all; it sounds more like a limitation of the snap sandbox that prevents us from opening files passed on the CLI? See bug 1800350

You could try to open via the portal; I think if you use File -> Open it should bring up the XDG Document Portal

Flags: needinfo?(lissyx+mozillians) → needinfo?(mathieualbi33)

Hm, not only do I reproduce, but it's not the same as bug 1800350;

I can see that in logs:

juin 07 14:32:44 portable-alex kernel: audit: type=1400 audit(1717763564.993:20553): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/home/alex/test.txt" pid=3407849 comm=53747265616D5472616E73202331 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
juin 07 14:32:44 portable-alex kernel: audit: type=1400 audit(1717763564.994:20554): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/home/alex/test.txt" pid=3407849 comm="FSBroker3408064" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Definitely blocked by AppArmor

Ownership:

$ id 
uid=1000(alex) gid=1000(alex) groupes=1000(alex),[...]
$ ls -haln test.txt 
-rw-r--r-- 1 0 1000 233 mars  23  2008 test.txt
Blocks: snap-sandbox
Component: XPCOM → Third Party Packaging
Product: Core → Firefox Build System
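Added example (not code from this bug, nor from the Firefox, snapd or AppArmor projects): a small parser for AppArmor audit lines of the kind quoted in the comment above, plus the plain Unix discretionary (owner/group/other) read check the reporter expected. Running both over the quoted lines, the `ls -haln` mode (0644, owner uid 0, gid 1000) and the `id` output (uid 1000 in group 1000) shows that DAC would grant group read and that the denial therefore comes from the snap.firefox.firefox profile, which is what the log's fsuid=1000 ouid=0 already hints at (AppArmor `owner`-qualified rules only match when the task's fsuid equals the file's owner uid). The sample log text is constructed from the two lines in the bug; the hex decoding of the first line's `comm=` field follows the kernel audit convention of hex-encoding string fields that contain spaces.

```python
"""Parse AppArmor audit denials like the two lines quoted in this bug and
separate "DAC would have allowed it" cases from ordinary permission
problems.  Example added for illustration; not Firefox/snapd/AppArmor code."""
import re
import stat

# Constructed sample input: the two journal lines quoted in the bug.
SAMPLE_LOG = """\
juin 07 14:32:44 portable-alex kernel: audit: type=1400 audit(1717763564.993:20553): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/home/alex/test.txt" pid=3407849 comm=53747265616D5472616E73202331 requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
juin 07 14:32:44 portable-alex kernel: audit: type=1400 audit(1717763564.994:20554): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/home/alex/test.txt" pid=3407849 comm="FSBroker3408064" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# One key=value field: the value is either "quoted" or a bare token.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The kernel audit code hex-encodes (and leaves unquoted) string fields that
# contain spaces or other untrusted characters; these are the keys we decode.
_HEX_ENCODED_KEYS = {"comm", "name", "exe"}


def parse_audit_line(line):
    """Return the key=value fields that follow 'audit(...): ' as a dict.

    Unquoted comm/name/exe values are hex-decoded back to text, e.g. the
    comm=53747265616D5472616E73202331 in the first sample line."""
    _, sep, body = line.partition("): ")
    if not sep:
        return {}
    fields = {}
    for key, quoted, bare in _FIELD.findall(body):
        if bare and key in _HEX_ENCODED_KEYS and len(bare) % 2 == 0:
            try:
                fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
                continue
            except ValueError:
                pass  # not hex after all; keep the raw token
        fields[key] = bare if bare else quoted
    return fields


def dac_allows_read(mode, file_uid, file_gid, uid, groups):
    """Plain Unix discretionary read check: owner bits if uid matches, else
    group bits if the file's gid is among the caller's groups, else the
    'other' bits.  (Root/CAP_DAC_READ_SEARCH is deliberately ignored.)"""
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def owner_mismatch_denials(log_text):
    """Return parsed AppArmor file DENIED events where the accessing fsuid
    differs from the file owner (ouid): the pattern this bug is about."""
    hits = []
    for line in log_text.splitlines():
        f = parse_audit_line(line)
        if f.get("apparmor") != "DENIED" or f.get("class") != "file":
            continue
        if "fsuid" in f and "ouid" in f and f["fsuid"] != f["ouid"]:
            hits.append(f)
    return hits


def explain_denial(denial, mode, file_gid, groups):
    """Combine an audit denial with the file's mode/gid (as 'ls -ln' shows
    them) and the caller's groups to name the layer that blocked access."""
    fsuid, ouid = int(denial["fsuid"]), int(denial["ouid"])
    dac = dac_allows_read(mode, ouid, file_gid, fsuid, groups)
    return {
        "name": denial.get("name"),
        "comm": denial.get("comm"),
        "profile": denial.get("profile"),
        "dac_allows": dac,
        # DAC says yes yet AppArmor logged DENIED: the profile is the blocking
        # layer.  DAC says no: ordinary file permissions explain it already.
        "blocked_by": "apparmor-profile" if dac else "file-permissions",
    }


if __name__ == "__main__":
    # Mode 0644, owner uid 0, gid 1000, caller uid 1000 in group 1000: the
    # values from the 'ls -haln test.txt' and 'id' output quoted in the bug.
    for d in owner_mismatch_denials(SAMPLE_LOG):
        print(explain_denial(d, 0o644, 1000, {1000}))
```

Feeding real `journalctl -k` output into `owner_mismatch_denials()` gives a quick triage list of "group-readable file, different owner" denials for a confined snap, and `explain_denial()` with the file's actual mode and gid tells whether a profile change or a chmod/chgrp is the right fix.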

Amin, can you check if it's a regression or a known issue of AppArmor? Or if we should file a bug upstream?

Flags: needinfo?(bandali)
Flags: needinfo?(mathieualbi33)
Summary: Access to file denied if not owner but in correct group → [snap] Access to file denied if not owner but in correct group

According to the Canonical folks who got back to me about this, this is indeed the expected behaviour of the current AppArmor rules for Firefox in /var/lib/snapd/apparmor/profiles/snap.firefox.firefox and I believe isn't a regression. I've asked if it would make sense to amend things to allow this use-case of also checking read permissions for files in the user's home directory via group membership when the owner is different, and will provide updates here when I hear back.

Flags: needinfo?(bandali)

The severity field is not set for this bug.
:gerard-majax, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(lissyx+mozillians)
Severity: -- → S4
Flags: needinfo?(lissyx+mozillians)
Priority: -- → P3

Amin, have you got news? Do you have an upstream bug to link, maybe?

Flags: needinfo?(bandali)
Flags: needinfo?(bandali)
Attached file GitHub Pull Request
Assignee: nobody → lissyx+mozillians
Assignee: lissyx+mozillians → bandali
Keywords: snap