Closed
Bug 291479
Opened 20 years ago
Closed 20 years ago
Downloaded files do not inherit security attributes on NTFS volumes
Categories
(Toolkit :: Downloads API, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 224692
People
(Reporter: starless, Assigned: bugs)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
When you left-click on a link to a downloadable file in a web page, e.g. a .exe
file, and tell Firefox to download it, it is first saved in a temporary location
inside the user's home directory, and then MOVED to its final destination. On an
NTFS volume, this causes the file to have the same security attributes as the
user's home directory, because the move operation keeps those attributes,
irrelevant of the attributes of the directory where it was saved. But let's
suppose I usually save files in a shared directory, because I want them to be
available to other users: the current behaviour prevents this.
When saving a file by right clicking on the link and choosing Save As, instead,
we have the correct behaviour: the file is created with the inherit option
active, so it gets its attributes from the parent folder; this happens because
in this case the file is directly created into the destination directory, no
temp file and no move operation involved.
Also Internet Explorer, on the other hand, saves files in a temp directory owned
by the user while downloading, but has a different behaviour: when the download
is finished, it COPIES the file to its final destination, and then deletes the
temp file; a copy operation does not keep security attributes, so the final file
correctly inherits attributes from the parent folder.
I think Firefox should use a copy operation, too, instead of a move one, because
having the downloaded file inherit the parent folder attributes seems to me the
most intuitive behaviour.
Reproducible: Always
Steps to Reproduce:
1. Using Firefox on a system running on an NTFS volume, open a web page
containing a link to a downloadable file, e.g. a .exe file;
2. left-click on the link, and choose to save the file in a directory which has
different security attributes than your home directory, e.g. the home directory
of a different user (if you are administrator and can write inside it), or a
directory which allows total control to "Everyone";
3. when the download is finished, check the file security attributes.
Actual Results:
The security attributes of the downloaded file are the same as the ones in my
own system temporary directory, it only belongs to me.
Expected Results:
The file should have inherited its security attributes from the directory where
I saved it, e.g. belong to the other user in my first example, or accessible by
Everyone in my second one.
|
||
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 224692 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
|
||
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
|
||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•