FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 04-14-2008, 07:46 PM
Chuck Anderson
 
Default set-uid root /usr/lib/nspluginwrapper/plugin-config

Why is this program set-uid root?

ls -l /usr/lib/nspluginwrapper/plugin-config
-rwsr-xr-x 1 root root 60048 2008-03-11 10:02 /usr/lib/nspluginwrapper/plugin-config*

https://bugzilla.redhat.com/show_bug.cgi?id=442065

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-14-2008, 07:57 PM
Jesse Keating
 
Default set-uid root /usr/lib/nspluginwrapper/plugin-config

On Mon, 2008-04-14 at 15:46 -0400, Chuck Anderson wrote:
> Why is this program set-uid root?
>
> ls -l /usr/lib/nspluginwrapper/plugin-config
> -rwsr-xr-x 1 root root 60048 2008-03-11
> 10:02 /usr/lib/nspluginwrapper/plugin-config*
>
> https://bugzilla.redhat.com/show_bug.cgi?id=442065

Probably so that it can create files in /usr/lib/mozilla when a user
downloads a plugin via their browser.

--
Jesse Keating
Fedora -- All my bits are free, are yours?
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-14-2008, 08:01 PM
Chuck Anderson
 
Default set-uid root /usr/lib/nspluginwrapper/plugin-config

On Mon, Apr 14, 2008 at 03:57:56PM -0400, Jesse Keating wrote:
> On Mon, 2008-04-14 at 15:46 -0400, Chuck Anderson wrote:
> > Why is this program set-uid root?
> >
> > ls -l /usr/lib/nspluginwrapper/plugin-config
> > -rwsr-xr-x 1 root root 60048 2008-03-11
> > 10:02 /usr/lib/nspluginwrapper/plugin-config*
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=442065
>
> Probably so that it can create files in /usr/lib/mozilla when a user
> downloads a plugin via their browser.

That just seems wrong. If a user can download a plugin, it should be
put in ~/.mozilla/plugins. A user shouldn't be able to force a plugin
into a system-wide directory.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-14-2008, 08:05 PM
Jesse Keating
 
Default set-uid root /usr/lib/nspluginwrapper/plugin-config

On Mon, 2008-04-14 at 16:01 -0400, Chuck Anderson wrote:
> On Mon, Apr 14, 2008 at 03:57:56PM -0400, Jesse Keating wrote:
> > On Mon, 2008-04-14 at 15:46 -0400, Chuck Anderson wrote:
> > > Why is this program set-uid root?
> > >
> > > ls -l /usr/lib/nspluginwrapper/plugin-config
> > > -rwsr-xr-x 1 root root 60048 2008-03-11
> > > 10:02 /usr/lib/nspluginwrapper/plugin-config*
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=442065
> >
> > Probably so that it can create files in /usr/lib/mozilla when a user
> > downloads a plugin via their browser.
>
> That just seems wrong. If a user can download a plugin, it should be
> put in ~/.mozilla/plugins. A user shouldn't be able to force a plugin
> into a system-wide directory.

I didn't say it was right, just what I thought was happening.

--
Jesse Keating
Fedora -- All my bits are free, are yours?
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-14-2008, 08:08 PM
Chris Ricker
 
Default set-uid root /usr/lib/nspluginwrapper/plugin-config

On Mon, 14 Apr 2008, Chuck Anderson wrote:

> On Mon, Apr 14, 2008 at 03:57:56PM -0400, Jesse Keating wrote:
> > On Mon, 2008-04-14 at 15:46 -0400, Chuck Anderson wrote:
> > > Why is this program set-uid root?
> > >
> > > ls -l /usr/lib/nspluginwrapper/plugin-config
> > > -rwsr-xr-x 1 root root 60048 2008-03-11
> > > 10:02 /usr/lib/nspluginwrapper/plugin-config*
> > >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=442065
> >
> > Probably so that it can create files in /usr/lib/mozilla when a user
> > downloads a plugin via their browser.
>
> That just seems wrong. If a user can download a plugin, it should be
> put in ~/.mozilla/plugins. A user shouldn't be able to force a plugin
> into a system-wide directory.

See https://bugzilla.redhat.com/show_bug.cgi?id=334311 for more history on
it

later,
chris

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 04-17-2008, 02:01 PM
Stephen Smalley
 
Default set-uid root /usr/lib/nspluginwrapper/plugin-config

On Mon, 2008-04-14 at 16:08 -0400, Chris Ricker wrote:
> On Mon, 14 Apr 2008, Chuck Anderson wrote:
>
> > On Mon, Apr 14, 2008 at 03:57:56PM -0400, Jesse Keating wrote:
> > > On Mon, 2008-04-14 at 15:46 -0400, Chuck Anderson wrote:
> > > > Why is this program set-uid root?
> > > >
> > > > ls -l /usr/lib/nspluginwrapper/plugin-config
> > > > -rwsr-xr-x 1 root root 60048 2008-03-11
> > > > 10:02 /usr/lib/nspluginwrapper/plugin-config*
> > > >
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=442065
> > >
> > > Probably so that it can create files in /usr/lib/mozilla when a user
> > > downloads a plugin via their browser.
> >
> > That just seems wrong. If a user can download a plugin, it should be
> > put in ~/.mozilla/plugins. A user shouldn't be able to force a plugin
> > into a system-wide directory.
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=334311 for more history on
> it

Does it have its own domain in policy so that it is at least confined to
only those capabilities it requires and only to access those files it
requires?

Although that won't help from default user shell of unconfined_t.

--
Stephen Smalley
National Security Agency

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 06:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org