Insecure file permissions in the Firefox browser for Linux >= v0.9
Date: Mon, 13 Sep 2004 21:12:16 +0200
From: Max <[email protected]>
To: [email protected]
Subject: Insecure file permissions in the Firefox browser for Linux >= v0.9
after installing firefox many of the permissions are set to 777, allowing
anyone on the system to change the contents of the (executable) files.
this first occured in the 0.9 release (in the tar.gz release as well as in the
installer). the problem (or is it called a feature now?) still exists in the
latest release v0.9.3.
the problem was reported on bugzilla long long time ago by myself and others.
lunanova:/tmp# tar xzf firefox-0.9.3-i686-linux-gtk2+xft-installer.tar.gz
lunanova:/tmp# cd firefox-installer/
lunanova:/tmp/firefox-installer# ./firefox-installer
# ... installing to /tmp/firefox-0.9.3
lunanova:/tmp/firefox-installer# exit
max@lunanova:~$ cd /tmp/firefox-0.9.3
max@lunanova:/tmp/firefox-0.9.3$ echo 'echo "oops"' > run-mozilla.sh
max@lunanova:/tmp/firefox-0.9.3$ ./firefox
oops
max@lunanova:/tmp/firefox-0.9.3$ ls -l
total 12676
drwxr-xr-x 4 root root 4096 Sep 13 21:02 chrome
drwxr-xr-x 3 root root 4096 Sep 13 21:02 components
drwxr-xr-x 5 root root 4096 Sep 13 21:02 defaults
drwxr-xr-x 2 root root 4096 Sep 13 21:02 extensions
-rwxr-xr-x 1 root root 4775 Aug 3 14:14 firefox
-rwxr-xr-x 1 root root 9758932 Aug 3 14:14 firefox-bin
drwxr-xr-x 2 root root 4096 Sep 13 21:02 greprefs
-rw-r--r-- 1 root root 29364 Sep 13 21:02 install.log
-rwxrwxrwx 1 root root 441204 Aug 3 14:14 libmozjs.so
-rwxrwxrwx 1 root root 177164 Aug 3 14:14 libnspr4.so
-rwxrwxrwx 1 root root 405372 Aug 3 14:14 libnss3.so
-rwxrwxrwx 1 root root 170068 Aug 3 14:14 libnssckbi.so
-rwxrwxrwx 1 root root 15272 Aug 3 14:14 libplc4.so
-rwxrwxrwx 1 root root 8240 Aug 3 14:14 libplds4.so
-rwxrwxrwx 1 root root 134188 Aug 3 14:14 libsmime3.so
-rw-rw-rw- 1 root root 476 Aug 3 14:14 libsoftokn3.chk
-rwxrwxrwx 1 root root 419824 Aug 3 14:14 libsoftokn3.so
-rwxrwxrwx 1 root root 125376 Aug 3 14:14 libssl3.so
-rwxrwxrwx 1 root root 661232 Aug 3 14:14 libxpcom.so
-rwxrwxrwx 1 root root 94888 Aug 3 14:14 libxpcom_compat.so
-rwxrwxrwx 1 root root 7736 Aug 3 14:14 libxpistub.so
-rwxrwxrwx 1 root root 236615 Aug 3 14:14 mozilla-xremote-client
drwxr-xr-x 2 root root 4096 Sep 13 21:02 plugins
-rw-r--r-- 1 root root 335 Sep 13 21:02 registry
drwxr-xr-x 7 root root 4096 Sep 13 21:02 res
-rwxrwxrwx 1 root root 12 Sep 13 21:03 run-mozilla.sh
drwxr-xr-x 2 root root 4096 Sep 13 21:02 searchplugins
-rwxrwxrwx 1 root root 147500 Aug 3 14:14 xpicleanup
.. subdirs dont look much better.