[opensuse] 11.2 and firefox
I recently did a fresh install of opensuse 11.2, keeping my old /home directory from the opensuse 11.1 install. After the install I noticed the taskbar Firefox icon had been moved and was now to the left of the desktops icon.

In 11.1 I was able to download photos by right-clicking and then "save image as", and was also able to use the download-helper to download videos, etc. In 11.2, whenever I went to download anything using the above-mentioned methods, nothing would happen. I would get no download progress dialog and the requested image/video/file would not download.

I noticed in the icon settings for the Firefox link that ownership was set to root/root. I changed this to dave/users. After doing this, downloads work as they should.

My question is this: Was there a security reason why the Firefox link was set to run as root, and will changing it to my user account open up a security hole?

Thanks,
Dave
Dave said the following on 12/11/2009 10:01 AM:
> [...] I noticed in the icon settings for the Firefox link that ownership was set to root/root.

Gee wow! I just did a "ls -l" of /usr/bin and all those programs are owned by root! Perhaps I should change them to anton/users?
NOT!

> My question is this: Was there a security reason why the Firefox link was set to run as root and will changing it to my user account will open up a security hole?

Was Firefox "set to run as root"? You don't tell us. You only tell us the ownership of the icon. You don't tell us the ownership and permissions all the way down the line - and we're looking for a setUID or setGID to indicate that it was "run as root".

Your desktop looks inside the icon for what to do when you click on it. My desktop firefox icon has this inside:

[Desktop Entry]
Categories=Application;Network;WebBrowser;X-Ximian-Main;X-Ximian-Toplevel;
Name=Firefox
Comment=Web Browser
TryExec=firefox
Exec=firefox %u
Icon=firefox
Terminal=false
MimeType=text/html;application/xhtml+xml
Type=Application
NotShowIn=GNOME;

Hmm. So presumably it uses $PATH to find the executable. That leads to /usr/bin/firefox which is a link to /usr/lib/firefox/firefox.sh

This script ends up executing /usr/lib/firefox/firefox

While all these are _owned_ by root, there are no setUID or setGID programs along the way, so they all execute as the user that invokes them. That would be root if you were logged in as root or su'd to root (or kdesu'd).

Altering the ownership of the desktop icon won't alter the ownership of the other stuff in /usr/bin and /usr/lib/firefox

So I can't account for why you couldn't download, but I doubt it has anything to do with firefox running as root.

However, if for some reason your firefox _was_ running as setUID(root) then I'd look in root's home directories for those files that didn't seem to download.

Now, you may ask why was the icon owned by root. The short answer is that root installed it. Maybe a smarter installer would have determined that an icon in a user's desktop should be chown'd. Maybe.

So all the stuff that root installs belongs to root? No. Some of it _does_ get chown'd. Various subsystems have their own permissions.

Personally I don't think root should own so much. Long ago, a LISA paper "Life without root"[1] showed how many subsystems could be installed and run using IDs that were not root. This has taken hold in Linux and we have many such facilities as well as the ones Steve mentioned.

The absolute power of root is dangerous, and there is a good case that an installation ID such as "bin" or "lib" (uid=3 perhaps?) should have ownership of the executables. That way an error by the installation user (or daemon), while terrible, will be much more limited than if it happened with root. As an extreme example, an RPM that had a script that did a "rm -fr /" would be contained. The rogue installer might be able to wipe out /usr/bin but not /usr/sbin and certainly not /home.

Just a thought.

[1] "Life without Root", Steve Simmons, Industrial Technology Institute. Presented at LISA IV, Oct 17-19, 1990, Colorado Springs, Colorado

--
Who are you to question why your God doesn't want me to believe in him?
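The check described in the reply above (follow the launch chain and look for setUID or setGID at each hop, rather than at who owns the icon) can be scripted. This is an added example, not part of the original thread; the function names `check_hop` and `audit_chain` are made up for illustration, and it assumes `readlink` is available.

```shell
#!/bin/sh
# Added example (not from the thread): walk a command's launch chain and
# flag setUID/setGID hops. check_hop and audit_chain are illustrative names.

# Show owner, group and mode of one path; return 1 if setUID or setGID is set.
check_hop() {
    ls -ld "$1"
    if [ -u "$1" ] || [ -g "$1" ]; then
        echo "  ^ setUID/setGID: runs with the file owner's or group's ID"
        return 1
    fi
    return 0
}

# audit_chain NAME [EXTRA_PATH...]
# Resolve NAME through $PATH, list every symlink hop, check the final target,
# then check any extra paths (e.g. the binary a wrapper script executes).
# Returns 0 if nothing is setUID/setGID, 1 if something is, 2 if NAME is not
# found as a file in $PATH.
audit_chain() {
    name=$1; shift
    path=$(command -v "$name") || path=
    case $path in
        /*) ;;
        *)  echo "$name: no executable file found in PATH" >&2; return 2 ;;
    esac
    rc=0
    hops=0
    while [ -L "$path" ] && [ "$hops" -lt 40 ]; do
        ls -ld "$path"                      # the link itself
        target=$(readlink "$path")
        case $target in
            /*) path=$target ;;
            *)  path=$(dirname "$path")/$target ;;
        esac
        hops=$((hops + 1))
    done
    check_hop "$path" || rc=1
    for extra in "$@"; do
        check_hop "$extra" || rc=1
    done
    return "$rc"
}

# Usage with the chain from the message above:
#   sh audit_chain.sh firefox /usr/lib/firefox/firefox
if [ "$#" -gt 0 ]; then
    audit_chain "$@"
fi
```

An `ls -l` line showing `root root` with mode `-rwxr-xr-x` means the file is owned by root but runs as whoever starts it; an `s` in the owner or group execute position is what would make it run with the owner's or group's identity.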
Thanks for the quick response. I agree that ownership of the binary should have nothing to do with it and should remain root/root.

My first attempt to fix this was to use konqueror to try to download images and video. They downloaded just fine. I then opened up a terminal window and ran 'firefox' without the %u. I was able to download both video and images from firefox, for the first time since installing 11.2.

That is when I started checking out the taskbar icon. First I noticed that ownership was listed as root/root in the icon settings dialog. I went into Application/Advanced Options and checked the run as different user option. I listed the username as 'dave' (my username). After saving this I noticed ownership of the icon had been changed to dave/users. I can now download from firefox without a problem when starting firefox from the taskbar icon. I have no idea why I could not download before.

As a side note, when looking at the task manager firefox was always listed as a 'dave' process both before I modified the link and after.

Dave
participants (2)
- Anton Aylward
- Dave