Closed Bug 258883 Opened 21 years ago Closed 21 years ago

Bad file permissions in Linux version

Categories

(Firefox :: General, defect)

x86
Linux
defect
Not set
normal

VERIFIED DUPLICATE of bug 231083

People

(Reporter: kepi, Assigned: bugzilla)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040823 Firefox/0.9.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040823 Firefox/0.9.3

There are many files with write permissions for all users and not only the owner. This problem is in the installer files and also in the content of .jar files in the linux gtk2 + xft release:
firefox-0.9.3-i686-linux-gtk2+xft.tar.gz
firefox-0.9.3-i686-linux-gtk2+xft-installer.tar.gz

Reproducible: Always

Steps to Reproduce:
Trying http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10rc/linux-xpi/xpcom.xpi Seems BAD. File permissions are 777 ;-( This is a security bug! Blocking 1.0PR?
Flags: blocking-aviary1.0PR?
Ben, isn't this related with the bug #231083 ?
Has someone tested the candidate build <http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10rc/> ? This bug was filed on 0.9.3 which is ancient.
> http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.10rc/> ?
Look at my comment #1. I have only manually tested the permissions in xpcom.xpi and they are bad. Assuming the bug is still in 0.10rc.
Yes, I also tried 1.0PRrc and the problem is still here. Most of the files, for example in browser.xpi, have 666 permissions and executables have 777. The problem isn't only in .xpi files but also more deeply in jar files (i.e. browser.jar).
Setting blocking flag (which may be reversed) to make sure the rest of the team is aware of this potential issue.
Flags: blocking-aviary1.0PR? → blocking-aviary1.0PR+
Was there any other issue in the 1.0PR builds other than what's inside the XPIs? While the XPI files have such permissions inside them, extraction of XPI files is done according to your umask, so that shouldn't be a problem.
(In reply to comment #7)
> Was there any other issue in the 1.0PR builds other than what's inside the XPIs?
> While the XPI files have such permissions inside them, extraction of XPI files
> is done according to your umask, so that shouldn't be a problem.
My umask is 0022. But sorry... now I can see that the problem with rights in 1.0PR occurs only when extracting xpi or jar files; after installation with the installer the permissions are correct. So I think that the bug can be closed because it's only in ff 0.9.3
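
Added example, not part of the original bug comments or Mozilla's code: a Python check that lists world-writable entries stored inside ZIP-based archives (.xpi, .jar) and tarballs, and shows what modes 777 and 666 become under the umask 0022 mentioned above. The sample archives and member names are constructed, and `after_umask` assumes the extractor applies the umask as comment #7 describes.

```python
import io
import stat
import tarfile
import zipfile


def zip_modes(data):
    """Return {member name: Unix permission bits} stored in a ZIP/XPI/JAR."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Entries written on Unix keep st_mode in the high 16 bits of external_attr.
        return {i.filename: stat.S_IMODE(i.external_attr >> 16) for i in zf.infolist()}


def tar_modes(data):
    """Return {member name: Unix permission bits} stored in a (compressed) tar."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        return {m.name: stat.S_IMODE(m.mode) for m in tf.getmembers()}


def world_writable(modes):
    """Names of members whose stored mode has the 'other write' bit set."""
    return sorted(name for name, mode in modes.items() if mode & stat.S_IWOTH)


def after_umask(mode, umask=0o022):
    """Mode a file ends up with if the extractor honours the umask (assumption)."""
    return mode & ~umask


def build_sample_zip():
    """Constructed archive: two world-writable entries and one sane entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in (("bin/app", 0o777), ("chrome/sample.jar", 0o666), ("README.txt", 0o644)):
            info = zipfile.ZipInfo(name)
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, b"constructed")
    return buf.getvalue()


def build_sample_tar():
    """Constructed tar.gz with a single 777 member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        info = tarfile.TarInfo("installer/setup.sh")
        info.mode, info.size = 0o777, 11
        tf.addfile(info, io.BytesIO(b"constructed"))
    return buf.getvalue()
```

An extractor that restores the stored modes without masking leaves the flagged members writable by every local user, which is why auditing the stored bits matters even when a given install path applies the umask.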
*** This bug has been marked as a duplicate of 231083 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
unsetting blocking flag since this is a dupe of a fixed bug.
Flags: blocking-aviary1.0PR+
tentatively verified based upon Asa (comment 11) implying that the locked bug is indeed a dupe. should we lock this one as well then?
Status: RESOLVED → VERIFIED