Closed Bug 266399 Opened 20 years ago Closed 20 years ago

Security Hole: Privileges of FireFox on Disk Image set to 777

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: norbert, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

The application "FireFox" on the mounted DiskImage that you get when downloading
the 1.0RC1 from the Web has its access privileges set to 777.

This means that after a drag & drop install Guest users have full write access
to the application creating a very big security risk.


Reproducible: Always
Steps to Reproduce:
1. Download FireFox 1.0RC1 from the Web.
2. Open the Disk Image.
3. Drag the App icon to your Applications folder.
4. Check the Access Privileges in the Finder's Get Info window.

Actual Results:  
The Everybody setting is Read & Write

Expected Results:  
Should be Read only to prevent guest or non-admin users from altering the app.
This was fixed (though I can't find the bug anywhere, I remember seeing the
checkin comment on Bonsai) after 1.0RC. Verified using the latest nightly build
(20041030 1.0RC2) that the disk image comes with suitable permissions, namely
drwxr-xr-x.

Resolving as WFM.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.