Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] Firefox invocation allows unintended root access
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Wed, 30 Mar 2005 11:27:57 +0200
  • Message-id: <20050330092757.GA9831@xxxxxxx>
On Tue, Mar 29, 2005 at 10:40:14PM +0100, Phil Betts wrote:
> This is possibly not a SuSE specific problem, but since the two systems
> involved are both running 9.2 Pro, and it's their integrity that's at
> stake, and since I've no idea what the underlying mechanism is, I
> thought I'd start here ;)
>
> The situation:
>
> PC1 - SuSE 9.2 Pro AMD32
> PC2 - SuSE 9.2 Pro AMD64
>
> Run Firefox as root@PC2 for browsing local files (the files are only
> readable by root).
> Still on PC2, run ssh -X to get a shell as normal-user@PC1.
> Start Evolution on PC1, opening on PC2's display.
> Click on an http link in an email.
> A Firefox window opens with the link displayed.
>
> By chance, I noticed that the Adblock extension was missing and I
> happened to click on the About menu. I was surprised to see that it
> claimed to be the x86_64 version.
>
> Further investigation revealed that Evolution had connected to the
> root-invoked Firefox on PC2, rather than starting a fresh instance by
> normal-user@PC1 displaying on PC2.
>
> Had I not noticed this, it would have been easy for me to enable
> java/javascript and installed plugins etc., in the belief that the
> browser was running as normal-user@PC1.
>
> Note that Evolution is an innocent party here, just starting Firefox
> directly from the ssh session produces the same effect. The reason for
> mentioning it is that a link in an email can be a seductive way to trap
> the unwitting user.
>
> Also note that the situation does not appear to occur if the remote
> connection is not involved. I.e. when root@PC2 runs Firefox, then
> user@PC2 starts Firefox, this results in 2 instances of Firefox.
>
> IMHO, Firefox should only connect with an already running instance if
> that instance was started by the same user on the same host. It is
> questionable whether normal-user@PC1 should even be aware of the
> existence of the root@PC2 instance.

Your remote side can do even more things, like snooping or inserting
keyboard input into the main X session.

If you are on the same X Server you have basically full user access.

I do not see this is as a problem, but workin as intended.

Ciao, Marcus
< Previous Next >
Follow Ups
References