Closed Bug 63668 Opened 24 years ago Closed 24 years ago

Contents of psm/components world writable.

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: cyd, Assigned: ddrinan0264)

Details

The libraries in the psm/components directory are world writable: $ls ~/package/psm/components -rw-rw-rw- 1 myname user 923891 Sep 22 16:04 libnecko.so -rw-rw-rw- 1 myname user 124553 Sep 22 16:04 libnslocale.so -rw-rw-rw- 1 myname user 65416 Sep 22 16:04 libstrres.so -rw-rw-rw- 1 myname user 152343 Sep 22 16:04 libuconv.so -rw-rw-rw- 1 myname user 231634 Sep 22 16:04 libucvlatin.so -rw-rw-rw- 1 myname user 73081 Sep 22 16:04 libunicharutil.so -rw-rw-rw- 1 myname user 108 Sep 22 16:04 xpti.dat -rw-rw-rw- 1 myname user 108 Sep 22 16:04 xptitemp.dat I understand that psm is still having trouble with unix permissions, but opening the .so files up to the world is a security abomination!
marking invalid, since psm is now built into the linux builds, and the permissions are correct
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
Verified with the 1/9/01 nightly Linux build. http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu.tar. gz
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm1.01 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.