Closed Bug 789534 Opened 12 years ago Closed 12 years ago

Firefox is requesting Superuser access when updating, trying to access /system/bin/sh

Categories

(Firefox for Android Graveyard :: General, defect)

18 Branch
ARM
Android
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 789964

People

(Reporter: blandead41, Unassigned)


User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:18.0) Gecko/18.0 Firefox/18.0
Build ID: 20120907030554

Steps to reproduce:

I open Firefox and upgrade when I get a notice that there is a new nightly version.


Actual results:

I select to download and install it, but the past 2 days it has requested Superuser permission. I denied Firefox the Superuser access because there should be no reason for it.

I checked my Superuser log and it was trying to access /system/bin/sh.

It still successfully upgraded even though I denied superuser access.

I noticed it is also storing the phone's IP address and hashValue (sha512) in plain text on the internal sdcard in a file named updates.xml; this also doesn't seem safe. Passwords or hashes should be moved to a system folder so it can take advantage of Android's data encryption option, maybe that's a separate bug though.


Expected results:

Firefox should upgrade without needing and requesting Superuser access.

Unless there is a specialized opt-in feature it should never request Superuser permissions.

This automatically raises red flags for me in regard to security, and its value to me as a safe browser would be lost.
OS: Windows 7 → Android
Hardware: x86 → ARM
This is by design behavior according to mfinkle
Status: UNCONFIRMED → NEW
Ever confirmed: true
(In reply to Curtis Koenig [:curtisk] from comment #1)
> This is by design behavior according to mfinkle

Yes, it is, but if rooted users start feeling nervous about it, we should reconsider.
We can reconsider if it freaks people out, but I don't know why people are rooting their phones if they consider every root-using app to be a security risk.

The reason we ask for root access is so we can use a streamlined update process instead of the cumbersome and annoying install wizard. It isn't anything nefarious, and it is by design. The root access is restricted to the separate updater process, so the browser is not affected.
I wouldn't be surprised to see most of the rooted users freak out, since Firefox isn't a "root" app.

I figured it wasn't something nefarious, but perhaps some application or trojan would be able to exploit it.

Very unlikely, but I would still suggest to not use root access even on the updater.

Couldn't the browser just automatically direct itself to the FTP server, download it, then have the user install?

Honestly, I don't really like the streamlined process in the first place as I still have to check "allow app from non marketplace" and then it auto-syncs my phone and all accounts. Which is nice to have Firefox sync, but annoying with several Gmail accounts. Background data is still active so couldn't you just sync the Firefox account only?
Based on the discussion I'm going to un-hide this bug. We may or may not want to change it, but it's not an exploitable vulnerability.
Group: core-security
Is this not an exact dupe of bug 789964?
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Thank you guys, the past two updates haven't been requesting the superuser access. The updater seems much smoother/quicker as well.
Product: Firefox for Android → Firefox for Android Graveyard