Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] Firefox invocation allows unintended rootaccess
  • From: "Michel Messerschmidt" <lists@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 31 Mar 2005 09:09:38 +0200 (CEST)
  • Message-id: <63551.>
> Of course, but that's not what one expects of a browser whose reputation
> is built, at least partly, on security.

Never rely on reputation when it comes to security.

> The fact remains that I clicked on a link in an email message as an
> unprivileged user on my web-facing machine, but found that I had
> connected to the web as root on a machine that normally only connects to
> the web for system updates.

*Never* click on a link in an email. You should have known that it's
dangerous :-)

> Also, regardless of the security implications, if I start a session on a
> remote box and start firefox, I do this because I want THAT user's set
> of bookmarks etc., not those of some arbitrary user on a different
> machine. As it stands, the only way to achieve this is to shut down all
> prior instances of firefox first, which is neither intuitive, nor
> desirable.

If you run different X applications (or instances) on the same X session,
they may influence each other.
As a side note, the start script of the Mozilla applications even
prevent that you start instances of Firefox and Mozilla at the same
time. So if you have a running firefox and start mozilla, you get another
firefox instance. Surely not intuitive, but this alone is not a security

> As I mentioned in my original post, I don't know the details of the
> underlying mechanism, as it involves the interaction of X, ssh and
> firefox.

It depends on how you started your root session. A simple "su" for example
leaves much of the original users' shell environment intact in the root
session. The firefox start script may use some of this remnants. If the
X authorization is shared (often done with "sux" or "ssh -X"), root
operates on the *same* X session as your unprivileged user.
This is completly different than two independent console logins.
So from a security point of view, you shouldn't use Xwindows applications
with root. Use a text mode browser instead.

Michel Messerschmidt, lists@xxxxxxxxxxxxxxxxxxxxxxx

< Previous Next >