desktop-packages team mailing list archive

Thread
Date

[Bug 1415744] Re: Firefox changes Files that are owned by root and read only

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Chris Coulson <chris.coulson@xxxxxxxxxxxxx>
Date: Thu, 29 Jan 2015 11:06:54 -0000
Reply-to: Bug 1415744 <1415744@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

If the directory is owned by you then it can just delete it and recreate
it, which is exactly what it does

** Changed in: firefox (Ubuntu)
       Status: New => Invalid

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1415744

Title:
  Firefox changes Files that are owned by root and read only

Status in firefox package in Ubuntu:
  Invalid

Bug description:
  Hello.

  I'm running Ubuntu 14.04.1 LTS (actually Xubuntu 64 Bit) with Firefox
  35.0+build3-0ubuntu0.14.04.2 .

  While trying to lock my symbol panel, I gave the file
  .mozilla/firefox/61pbl108.default/xulstore.json to root and took all
  write rights.

  -r-------- 1 root root 270 Jan 29 00:29
  .mozilla/firefox/61pbl108.default/xulstore.json

  But when closing Fireox, it changes those rights back to:

  -rw------- 1 stfischr stfischr 270 Jan 29 00:29
  .mozilla/firefox/61pbl108.default/xulstore.json

  Even when I use sudo chattr +i it still writes to the file, but
  doesn't change owner and rights anymore. How is that even possible? I
  verified firefox is running as normal user and I'm also logged in as
  normal user.

  This is a serius security issue, a programm running as user that is
  able to write into files belonging to root!

  Any ideas on this one?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1415744/+subscriptions