desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #97332
[Bug 1415744] Re: Firefox changes Files that are owned by root and read only
If the directory is owned by you then it can just delete it and recreate
it, which is exactly what it does
** Changed in: firefox (Ubuntu)
Status: New => Invalid
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1415744
Title:
Firefox changes Files that are owned by root and read only
Status in firefox package in Ubuntu:
Invalid
Bug description:
Hello.
I'm running Ubuntu 14.04.1 LTS (actually Xubuntu 64 Bit) with Firefox
35.0+build3-0ubuntu0.14.04.2 .
While trying to lock my symbol panel, I gave the file
.mozilla/firefox/61pbl108.default/xulstore.json to root and took all
write rights.
-r-------- 1 root root 270 Jan 29 00:29
.mozilla/firefox/61pbl108.default/xulstore.json
But when closing Fireox, it changes those rights back to:
-rw------- 1 stfischr stfischr 270 Jan 29 00:29
.mozilla/firefox/61pbl108.default/xulstore.json
Even when I use sudo chattr +i it still writes to the file, but
doesn't change owner and rights anymore. How is that even possible? I
verified firefox is running as normal user and I'm also logged in as
normal user.
This is a serius security issue, a programm running as user that is
able to write into files belonging to root!
Any ideas on this one?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1415744/+subscriptions