The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Insecure file permissions in the Firefox browser for Linux >= v0.9


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Mon, 13 Sep 2004 21:12:16 +0200
From: Max <[email protected]>
To: [email protected]
Subject: Insecure file permissions in the Firefox browser for Linux >= v0.9


after installing firefox many of the permissions are set to 777, allowing 
anyone on the system to change the contents of the (executable) files.

this first occured in the 0.9 release (in the tar.gz release as well as in the 
installer). the problem (or is it called a feature now?) still exists in the 
latest release v0.9.3.

the problem was reported on bugzilla long long time ago by myself and others.

lunanova:/tmp# tar xzf firefox-0.9.3-i686-linux-gtk2+xft-installer.tar.gz
lunanova:/tmp# cd firefox-installer/
lunanova:/tmp/firefox-installer# ./firefox-installer
# ... installing to /tmp/firefox-0.9.3
lunanova:/tmp/firefox-installer# exit
max@lunanova:~$ cd /tmp/firefox-0.9.3
max@lunanova:/tmp/firefox-0.9.3$ echo 'echo "oops"' > run-mozilla.sh
max@lunanova:/tmp/firefox-0.9.3$ ./firefox
oops
max@lunanova:/tmp/firefox-0.9.3$ ls -l
total 12676
drwxr-xr-x  4 root root    4096 Sep 13 21:02 chrome
drwxr-xr-x  3 root root    4096 Sep 13 21:02 components
drwxr-xr-x  5 root root    4096 Sep 13 21:02 defaults
drwxr-xr-x  2 root root    4096 Sep 13 21:02 extensions
-rwxr-xr-x  1 root root    4775 Aug  3 14:14 firefox
-rwxr-xr-x  1 root root 9758932 Aug  3 14:14 firefox-bin
drwxr-xr-x  2 root root    4096 Sep 13 21:02 greprefs
-rw-r--r--  1 root root   29364 Sep 13 21:02 install.log
-rwxrwxrwx  1 root root  441204 Aug  3 14:14 libmozjs.so
-rwxrwxrwx  1 root root  177164 Aug  3 14:14 libnspr4.so
-rwxrwxrwx  1 root root  405372 Aug  3 14:14 libnss3.so
-rwxrwxrwx  1 root root  170068 Aug  3 14:14 libnssckbi.so
-rwxrwxrwx  1 root root   15272 Aug  3 14:14 libplc4.so
-rwxrwxrwx  1 root root    8240 Aug  3 14:14 libplds4.so
-rwxrwxrwx  1 root root  134188 Aug  3 14:14 libsmime3.so
-rw-rw-rw-  1 root root     476 Aug  3 14:14 libsoftokn3.chk
-rwxrwxrwx  1 root root  419824 Aug  3 14:14 libsoftokn3.so
-rwxrwxrwx  1 root root  125376 Aug  3 14:14 libssl3.so
-rwxrwxrwx  1 root root  661232 Aug  3 14:14 libxpcom.so
-rwxrwxrwx  1 root root   94888 Aug  3 14:14 libxpcom_compat.so
-rwxrwxrwx  1 root root    7736 Aug  3 14:14 libxpistub.so
-rwxrwxrwx  1 root root  236615 Aug  3 14:14 mozilla-xremote-client
drwxr-xr-x  2 root root    4096 Sep 13 21:02 plugins
-rw-r--r--  1 root root     335 Sep 13 21:02 registry
drwxr-xr-x  7 root root    4096 Sep 13 21:02 res
-rwxrwxrwx  1 root root      12 Sep 13 21:03 run-mozilla.sh
drwxr-xr-x  2 root root    4096 Sep 13 21:02 searchplugins
-rwxrwxrwx  1 root root  147500 Aug  3 14:14 xpicleanup
.. subdirs dont look much better.

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру