mozilla-firefox: "su root -c firefox" gives root access to any other firefox loaded.

Bug #26040 reported by Debian Bug Importer

Affects           Status     Importance  Assigned to  Milestone
firefox (Debian)  Confirmed  Unknown
firefox (Ubuntu)  Invalid    High        Unassigned

Bug Description

Automatically imported from Debian bug report #340284 http://bugs.debian.org/340284

Revision history for this message
In , Steve Kemp (skx) wrote : Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other firefox loaded.

On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel wrote:

> To reproduce this bug:
>
> su root and then load firefox from the term. Then launch firefox from
> another unrelated and normal user terminal. The newly launched firefox reads root's
> profile and gets root's rights.

  Isn't this expected behaviour from Firefox? When invoking new copies
 it doesn't spawn an independent new instance, instead it connects to
 the already-running instance?

  I guess it's a security hole in a sense...

Steve
--

Revision history for this message
In , Steve Langasek (vorlon) wrote :

severity 340284 important
thanks

On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel wrote:
> To reproduce this bug:

> su root and then load firefox from the term. Then launch firefox from
> another unrelated and normal user terminal. The newly launched firefox reads root's
> profile and gets root's rights.

This is not true. They are not unrelated; they are associated with the same
display. firefox may not have worked as you expected, but it didn't give
you any more rights than you already had -- this worked because *you* ran su
from an X display that you were already logged into.

If I even just run ssh -CX root@localhost -f firefox instead of su'ing
directly, the firefox profiles are not shared. There is no evidence that
arbitrary users are going to be able to get into root's firefox session this
way.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
<email address hidden>                              http://www.debian.org/

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <20051122113646.E0D44B5DED@dsp1>
Date: Tue, 22 Nov 2005 12:36:46 +0100
From: "S. Thommerel" <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: mozilla-firefox: "su root -c firefox" gives root access to any other firefox
 loaded.

Package: mozilla-firefox
Version: 1.0.7-1
Severity: critical
Tags: security
Justification: root security hole

To reproduce this bug:

 su root and then load firefox from the term. Then launch firefox from
 another unrelated and normal user terminal. The newly launched firefox reads root's
 profile and gets root's rights.

 I normally have no rights to save anything in /usr/share with my user
 account. I used firefox as root to go and grab an icon for xfce4 that I
 could save in /usr/share/pixmaps. After that the download tab was the
 only remaining part of root's firefox.
 I loaded firefox (normal user account) and it didn't not show my normal
 homepage. I tried to save google's logo in /usr/share/pixmaps. It
 worked!!!

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=fr_FR (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to POSIX)

Versions of packages mozilla-firefox depends on:
ii debianutils 2.15.1 Miscellaneous utilities specific t
ii fontconfig 2.3.2-1 generic font configuration library
ii libatk1.0-0 1.10.3-1 The ATK accessibility toolkit
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libfontconfig1 2.3.2-1 generic font configuration library
ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib
ii libgcc1 1:4.0.2-2 GCC support library
ii libglib2.0-0 2.8.3-1 The GLib library of C routines
ii libgtk2.0-0 2.6.10-1 The GTK+ graphical user interface
ii libidl0 0.8.5-1 library for parsing CORBA IDL file
ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries
ii libpango1.0-0 1.8.2-3 Layout and rendering of internatio
ii libpng12-0 1.2.8rel-5 PNG library - runtime
ii libstdc++6 4.0.2-2 The GNU Standard C++ Library v3
ii libx11-6 6.8.2.dfsg.1-7 X Window System protocol client li
ii libxext6 6.8.2.dfsg.1-7 X Window System miscellaneous exte
ii libxft2 2.1.7-1 FreeType-based font drawing librar
ii libxinerama1 6.8.2.dfsg.1-7 X Window System multi-head display
ii libxp6 6.8.2.dfsg.1-7 X Window System printing extension
ii libxt6 6.8.2.dfsg.1-7 X Toolkit Intrinsics
ii psmisc 21.8-1 Utilities that use the proc filesy
ii xlibs 6.8.2.dfsg.1-7 X Window System client libraries m
ii zlib1g 1:1.2.3-4 compression library -...


Revision history for this message
In , Mike Hommey (mh-glandium) wrote :

severity 340284 normal
merge 340284 238533
thanks

On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel <email address hidden> wrote:
> Package: mozilla-firefox
> Version: 1.0.7-1
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
>
> To reproduce this bug:
>
> su root and then load firefox from the term. Then launch firefox from
> another unrelated and normal user terminal. The newly launched firefox reads root's
> profile and gets root's rights.
>
> I normally have no rights to save anything in /usr/share with my user
> account. I used firefox as root to go and grab an icon for xfce4 that I
> could save in /usr/share/pixmaps. After that the download tab was the
> only remaining part of root's firefox.
> I loaded firefox (normal user account) and it didn't not show my normal
> homepage. I tried to save google's logo in /usr/share/pixmaps. It
> worked!!!

You ran your firefox from the same display, thus using the one that was
already on the display. It's a feature. It may be annoying, but not a
security problem : if you have a root mozilla/firefox on your display,
well, you already have root access.
If you'd try on another display (Xnest or whatever), you'd see running
firefox from there would bring a new instance.

Downgrading severity, and merging with duplicates.

Mike
>
>
>
>
> -- System Information:
> Debian Release: testing/unstable
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.14
> Locale: LANG=C, LC_CTYPE=fr_FR (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to POSIX)
>
> Versions of packages mozilla-firefox depends on:
> ii debianutils 2.15.1 Miscellaneous utilities specific t
> ii fontconfig 2.3.2-1 generic font configuration library
> ii libatk1.0-0 1.10.3-1 The ATK accessibility toolkit
> ii libc6 2.3.5-6 GNU C Library: Shared libraries an
> ii libfontconfig1 2.3.2-1 generic font configuration library
> ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib
> ii libgcc1 1:4.0.2-2 GCC support library
> ii libglib2.0-0 2.8.3-1 The GLib library of C routines
> ii libgtk2.0-0 2.6.10-1 The GTK+ graphical user interface
> ii libidl0 0.8.5-1 library for parsing CORBA IDL file
> ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
> ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries
> ii libpango1.0-0 1.8.2-3 Layout and rendering of internatio
> ii libpng12-0 1.2.8rel-5 PNG library - runtime
> ii libstdc++6 4.0.2-2 The GNU Standard C++ Library v3
> ii libx11-6 6.8.2.dfsg.1-7 X Window System protocol client li
> ii libxext6 6.8.2.dfsg.1-7 X Window System miscellaneous exte
> ii libxft2 2.1.7-1 FreeType-based font drawing librar
> ii libxinerama1 6.8.2.dfsg.1-7 X Window System ...


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 22 Nov 2005 11:56:50 +0000
From: Steve Kemp <email address hidden>
To: "S. Thommerel" <email address hidden>, <email address hidden>
Subject: Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other
 firefox loaded.


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 22 Nov 2005 04:14:05 -0800
From: Steve Langasek <email address hidden>
To: "S. Thommerel" <email address hidden>,
 <email address hidden>
Subject: Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other
 firefox loaded.


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 22 Nov 2005 13:21:03 +0100
From: Mike Hommey <email address hidden>
To: "S. Thommerel" <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other
 firefox loaded.


Revision history for this message
In , S. Thommerel (silvere-thommerel) wrote : Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other firefox loaded.

Hi,
Thanx for your replies.
OK then, it seems I overreacted for what seems to be a normal feature.
Did anybody ever try to list/document the programs which behave this
way?

On the contrary launching firefox from within a "su" if there's already
a firefox loaded is useless.

This bug case can be closed if it still depends on me.

Regards,

On Tuesday 22 November 2005 at 13:21 +0100, Mike Hommey wrote:
> severity 340284 normal
> merge 340284 238533
> thanks
>
> On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel <email address hidden> wrote:
> > Package: mozilla-firefox
> > Version: 1.0.7-1
> > Severity: critical
> > Tags: security
> > Justification: root security hole
> >
> >
> >
> > To reproduce this bug:
> >
> > su root and then load firefox from the term. Then launch firefox from
> > another unrelated and normal user terminal. The newly launched firefox reads root's
> > profile and gets root's rights.
> >
> > I normally have no rights to save anything in /usr/share with my user
> > account. I used firefox as root to go and grab an icon for xfce4 that I
> > could save in /usr/share/pixmaps. After that the download tab was the
> > only remaining part of root's firefox.
> > I loaded firefox (normal user account) and it didn't not show my normal
> > homepage. I tried to save google's logo in /usr/share/pixmaps. It
> > worked!!!
>
> You ran your firefox from the same display, thus using the one that was
> already on the display. It's a feature. It may be annoying, but not a
> security problem : if you have a root mozilla/firefox on your display,
> well, you already have root access.
> If you'd try on another display (Xnest or whatever), you'd see running
> firefox from there would bring a new instance.
>
> Downgrading severity, and merging with duplicates.
>
> Mike
> >
> >
> >
> >
> > -- System Information:
> > Debian Release: testing/unstable
> > APT prefers testing
> > APT policy: (500, 'testing')
> > Architecture: i386 (i686)
> > Shell: /bin/sh linked to /bin/bash
> > Kernel: Linux 2.6.14
> > Locale: LANG=C, LC_CTYPE=fr_FR (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to POSIX)
> >
> > Versions of packages mozilla-firefox depends on:
> > ii debianutils 2.15.1 Miscellaneous utilities specific t
> > ii fontconfig 2.3.2-1 generic font configuration library
> > ii libatk1.0-0 1.10.3-1 The ATK accessibility toolkit
> > ii libc6 2.3.5-6 GNU C Library: Shared libraries an
> > ii libfontconfig1 2.3.2-1 generic font configuration library
> > ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib
> > ii libgcc1 1:4.0.2-2 GCC support library
> > ii libglib2.0-0 2.8.3-1 The GLib library of C routines
> > ii libgtk2.0-0 2.6.10-1 The GTK+ graphical user interface
> > ii libidl0 0.8.5-1 library for parsing CORBA IDL file
> > ii libjpeg62 6b-10 The Independent JPEG Group's JPEG
> > ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries
> > ...


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <1132666781.3348.16.camel@dsp1>
Date: Tue, 22 Nov 2005 14:39:41 +0100
From: Silvere THOMMEREL <email address hidden>
To: Mike Hommey <email address hidden>
Cc: <email address hidden>, <email address hidden>
Subject: Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root
 access to any other firefox loaded.


Revision history for this message
In , Noah Meyerhans (noahm) wrote : Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other firefox loaded.

On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel wrote:
> su root and then load firefox from the term. Then launch firefox from
> another unrelated and normal user terminal. The newly launched firefox reads root's
> profile and gets root's rights.
>
> I normally have no rights to save anything in /usr/share with my user
> account. I used firefox as root to go and grab an icon for xfce4 that I
> could save in /usr/share/pixmaps. After that the download tab was the
> only remaining part of root's firefox.
> I loaded firefox (normal user account) and it didn't not show my normal
> homepage. I tried to save google's logo in /usr/share/pixmaps. It
> worked!!!

I don't think this is a bug. I think this is what you get when you
allow other users to access your X server. Mozilla-based browsers have
always communicated via the X server. When you run root's browser and
give it access to your display, then try running another instance of the
browser, the second instance notices that there's already a browser
running on the X display and signals it to spawn a new window. Thus,
there's really only one instance of the browser running.

What attack vector do you see here, anyway? You're already root on the
machine, it's not like you're going to get elevated privileges. And
it's not going to work across X displays, so you don't need to worry
about this problem being used maliciously against unsuspecting users.

noah

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 22 Nov 2005 10:26:46 -0500
From: Noah Meyerhans <email address hidden>
To: "S. Thommerel" <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other
 firefox loaded.


Revision history for this message
In , Krzysztof Sobolewski (jezuch) wrote :

Noah Meyerhans wrote:

> I don't think this is a bug. I think this is what you get when you
> allow other users to access your X server. Mozilla-based browsers have
> always communicated via the X server. When you run root's browser and
> give it access to your display, then try running another instance of the
> browser, the second instance notices that there's already a browser
> running on the X display and signals it to spawn a new window. Thus,
> there's really only one instance of the browser running.
>
> What attack vector do you see here, anyway? You're already root on the
> machine, it's not like you're going to get elevated privileges. And
> it's not going to work across X displays, so you don't need to worry
> about this problem being used maliciously against unsuspecting users.

I can agree that this is not a security bug, but this behaviour is pretty
useless. Take jEdit [not in Debian archive[1], but open source and
apt-gettable[2]] for example - it attaches to existing instance, but keeps
only one instance per user, so I can (and often do) have one jEdit for me
and one jEdit to jEdit for root some config files at the same time. And this
is done in Java, which has inherent problems with that :)
I don't think I'd ever need two Firefoxes for two users, but this is much
cleaner this way.

[1] It requires non-free Sun's Java as it uses some Swing magic
[2]
deb http://dl.sourceforge.net/sourceforge/jedit ./
deb-src http://dl.sourceforge.net/sourceforge/jedit ./
-KS
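
The hand-off that Noah Meyerhans and Mike Hommey describe, next to the per-user policy Krzysztof Sobolewski contrasts it with, as an added example that is not part of the original thread and is not Firefox's code. It is a small Python model in which a display is just a string; the process records, the user name alice and all function names are constructed for illustration.

```python
"""Model of per-display single-instance hand-off (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    user: str      # account the process runs as
    display: str   # X display the process is connected to
    program: str


def instance_key(proc, per_user):
    """Key that decides whether a running process counts as 'the same' browser.

    per_user=False models the behaviour reported in the thread: any instance
    on the X display matches. per_user=True models the jEdit-style policy:
    one instance per user.
    """
    return (proc.display, proc.program, proc.user if per_user else None)


def launch(running, new, per_user=False):
    """Return (process that serves the request, updated process list)."""
    wanted = instance_key(new, per_user)
    for proc in running:
        if instance_key(proc, per_user) == wanted:
            # Hand-off: the existing process opens the window, so the window
            # runs with that process's uid and profile, not the caller's.
            return proc, running
    return new, running + [new]


def foreign_clients(running, display_owner):
    """Audit helper: processes on a display that run as someone other than
    the display's owner (here, root's browser on alice's display)."""
    return [p for p in running
            if p.display in display_owner and p.user != display_owner[p.display]]


# Constructed scenario from the report: alice owns display :0, runs
# `su root -c firefox`, then starts firefox again from her own terminal.
ROOT_FF = Proc(101, "root", ":0", "firefox")
USER_FF = Proc(202, "alice", ":0", "firefox")
NESTED_FF = Proc(303, "alice", ":1", "firefox")   # e.g. inside Xnest


def demo():
    running = [ROOT_FF]
    same_display, running = launch(running, USER_FF)      # handed to root's instance
    other_display, running = launch(running, NESTED_FF)   # new instance on :1
    per_user, _ = launch([ROOT_FF], USER_FF, per_user=True)
    flagged = foreign_clients(running, {":0": "alice", ":1": "alice"})
    return (same_display.user, other_display.user, per_user.user,
            [p.pid for p in flagged])


if __name__ == "__main__":
    print(demo())
```
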

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 22 Nov 2005 20:46:45 +0100
From: Krzysztof Sobolewski <email address hidden>
To: Noah Meyerhans <email address hidden>, <email address hidden>
Subject: Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root
 access to any other firefox loaded.


Revision history for this message
Ian Jackson (ijackson) wrote :

This is not a bug, this is expected and sensible behaviour.

Revision history for this message
In , Eric Dorland (eric-debian) wrote : Re: Bug#339022: firefox: remote and local Firefox session not separated

reassign 229547 firefox
merge 229547 339022
thanks

* Rolf Leggewie (<email address hidden>) wrote:
> Package: firefox
> Version: firefox
> Severity: normal
>
> Hi,
>
> thank you for maintaining the Firefox packages. We love you guys!
>
> Today I opened a remote xterm via "ssh -X $IP xterm". From the xterm I
> called firefox. I was amazed to find out that FF came up with my local
> bookmarks and starting page. It turned out that FF was running locally,
> not remotely.
>
> Upon closer inspection it became clear that whenever an FF process is
> already running locally, calling the process remotely still launches FF
> locally. The opposite is also true. I quit all FF processes and called
> it remotely which succeeded. Launching it from a local console then
> does nothing but open another remote FF process.
>
> Konqueror behaves sanely in this respect so I assume it has to do with
> FF itself.

Please don't file duplicate bug reports.

--
Eric Dorland <email address hidden>
ICQ: #61138586, Jabber: <email address hidden>
1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+
G e h! r- y+
------END GEEK CODE BLOCK------

Revision history for this message
In , Eric Dorland (eric-debian) wrote : reassign 339022 to firefox, merging 229547 339022

# Automatically generated email from bts, devscripts version 2.9.11
reassign 339022 firefox
merge 229547 339022

Revision history for this message
In , Mike Hommey (mh-glandium) wrote : Re: Bug#352809: start remote instance, not a new local window

tag 352809 security
severity 352809 normal
merge 229547 352809
thanks

This is a known long-standing bug.
The problem with disabling this "feature" by default is that you then
get a firefox process each time you open an url from other programs.
OTOH, when you launch several times epiphany or nautilus, you only get
one instance... except that if you launch it from another account or
another host, you don't use the current instance.
Anyways, in the current state of the firefox code, it's not safe to
disable it by default, there's a huge possibility of loss of data in the
profile.
That's the problem with applications developed by people coming from the
windows world...

Mike

Revision history for this message
In , Lior Kaplan (kaplan) wrote : Debian Firefox/Iceweasel bug triage - bug #340284

Dear Firefox/Iceweasel user,

Thanks for your interest in Firefox/Iceweasel and the bug report you have contributed.

Your bug report [0] was done for a version which isn't a part of Debian anymore. Debian 4.0 (Etch) was released with version 2.0.0.3.

Please reproduce your bug on an updated version of Iceweasel and confirm it
still exists, or close it as irrelevant for recent versions.

If you don't know or are not sure how to update or close your bug report,
please contact me directly, and I'll help you.

IMPORTANT: In any case, please provide version info, as we use it to determine
the relevance of the bug.

As this bug is quite old, I intend to close it if you don't update your bug
report in the next 6 weeks.

This is the time line for the old bugs cleanup:
1. October 1st - first notice.
2. October 15th - Second notice.
3. October 29th - Third notice.
4. November 12th - Closing the bug.

Please help the Firefox/Iceweasel maintainer to help you (:

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340284

--
Lior Kaplan
<email address hidden>

Revision history for this message
In , Lior Kaplan (kaplan) wrote : reassign 352809 to iceweasel, found 352809 in 2.0.0.7-2

# Automatically generated email from bts, devscripts version 2.10.9
reassign 352809 iceweasel
found 352809 2.0.0.7-2

Ian Jackson (ijackson)
Changed in firefox:
assignee: ijackson → nobody

Revision history for this message
In , Eric Dorland (eric-debian) wrote : Re: Bug#451327: iceweasel: a running FF/IW steals new local and remote FF/IW instances

forcemerge 229547 451327
thanks

* Paolo (<email address hidden>) wrote:
> Package: iceweasel
> Version: N/A
> Severity: grave
>
> Seems that at some point, Mozilla has introduced a 'feature' that fixed the
> 'another instance of ... already running' issue, so that if you start another
> instance of FF it won't complain, but simply it'd open another window of the
> already running instance.
> So far so good.
> The bad news is that this happens with FF launched on a remote system as well,
> which is *not* what's supposed to happen.
> Here's a scenario:
>
> L. local system: Sarge - stock FF1.5.0.12, FF2.0.0.8, SM1.1.5, Debian's FF.
> R. remote system: Etch - same as above, except Debian's FF->IW .
>
> 1. On L, ssh -X into R
> 2.1. On L, start FF - any version
> 3.1 On R, start FF - any version: the window comes up surprisingly fast;
> problem is, that's just another window of the locally running FF! ie
> if FF1.5 is running on L, then 'iceweasel' on R opens FF1.5 again.
>
> The converse is also true:
>
> 2.2 On R, start IW (or FF/SM)
> 3.2 On L, start FF (or SM): what you get is another window of the remote
> IW/FF/SM.
>
> FF/SM fails to check if the running instance on current $DISPLAY belong to
> same host+binary it's being started from.
> This has some obvious, and perhaps some not so obvious, security issues.

Please don't file duplicate bugs. What precisely are the security risks?

--
Eric Dorland <email address hidden>
ICQ: #61138586, Jabber: <email address hidden>

Revision history for this message
In , Mike Hommey (glandium) wrote : tagging 229547

tags 229547 confirmed

Revision history for this message
In , Mike Hommey (glandium) wrote :

tags 229547 + upstream

Changed in firefox (Debian):
status: New → Confirmed