search

firstred / page-speed

Automatically exported from code.google.com/p/page-speed
0 stars 0 forks source link

Page Speed should not change permissions on directories it does not create. #91

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 

On Wed, Jul 8, 2009 at 4:13 AM, xu<hesenbruce@gmail.com> wrote:
>
> Dear All:
>     Before i found the google page-speed chmod 755 /tmp , i cost 2
> hours to google mysql can't write /tmp/#XXX.frm, and found out
> resolution.
>
>     chmod 777 /tmp  => drwxrwxrwt  58 root root     36864 07-08 15:52
> tmp
>        error: 755 /tmp => drwxr-xr-x 58 root root     36864 07-08
> 12:52 tmp
>
>     So, i think that i installed any apps today. I remeber.
>     i install firefox3.5 and page-speed 1.0.1.1. When finished。 Use
> it to analyze my site.
>     Follow steps;
>       Press F12 -> Page Speed -> Analyze Performance .
>
>     It changed my /tmp from 777 to 755. And then my some app can't
> write /tmp directory.
>     If you has mysql, you can test, please restart mysql service, it
> may be inform a cat't write /tmp/#XXX,
>
>     Please DEV resole it.
>
> My OS enviroments:
>  OS: centOS5.0 and I run it with root .
>  firefox3.5 ,
>  firebug: 1.4
>  page-speed:1.0.11
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google Groups
"page-speed-discuss" group.
> To post to this group, send email to page-speed-discuss@googlegroups.com
> To unsubscribe from this group, send email to
page-speed-discuss+unsubscribe@googlegroups.com
> For more options, visit this group at
http://groups.google.com/group/page-speed-discuss?hl=en
> -~----------~----~----~----~------~----~------~--~---
>
>

Original issue reported on code.google.com by sker...@google.com on 8 Jul 2009 at 3:03

GoogleCodeExporter commented 9 years ago 
>2009/7/8 Sam Kerner <skerner@google.com>:
>
> Hello,
>    Sorry to hear we caused you to waste two hours.  We should never
> change permissions on a directory we do not create (/tmp in this
> case).  Will submit a fix for this right away.
>
>    I wonder why you are running as root.  If firefox was not running
> as root, it could not change the permissions of /tmp.  I am not trying
> to excuse what I agree is a bug in our code.  I want to make you aware
> that when you run software as root, you give programs permission to do
> anything to your system.  Usually, there is no benefit to taking this
> risk.  If you need to do something as root, consider using a program
> like sudo (http://en.wikipedia.org/wiki/Sudo).  Running a web browser
> as root is a bad idea, because:
>
> * There is no need.  Firefox is designed to run as a normal user, and
> should not be altering any files that root owns.
> * Browsers are big and complex.  You are trusting the browser, all the
> libraries it includes, all the plug-ins it runs, and all the add-ons
> you have installed, to not have bugs that will overwrite important
> files.  If you run as a normal user, the OS will stop programs from
> overwriting anything you do not own.
> * Browsers are constantly fetching untrusted data from the network.
> If someone discovers a bug in firefox, they can trigger it on your
> machine via a maliciously crafted web page.
>
> Sam
>

Original comment by sker...@google.com on 8 Jul 2009 at 3:05

GoogleCodeExporter commented 9 years ago 
Fixed in commit r99.

Sam

Original comment by sker...@google.com on 8 Jul 2009 at 10:17