Closed GoogleCodeExporter closed 9 years ago
>2009/7/8 Sam Kerner <skerner@google.com>:
>
> Hello,
> Sorry to hear we caused you to waste two hours. We should never
> change permissions on a directory we do not create (/tmp in this
> case). Will submit a fix for this right away.
>
> I wonder why you are running as root. If firefox was not running
> as root, it could not change the permissions of /tmp. I am not trying
> to excuse what I agree is a bug in our code. I want to make you aware
> that when you run software as root, you give programs permission to do
> anything to your system. Usually, there is no benefit to taking this
> risk. If you need to do something as root, consider using a program
> like sudo (http://en.wikipedia.org/wiki/Sudo). Running a web browser
> as root is a bad idea, because:
>
> * There is no need. Firefox is designed to run as a normal user, and
> should not be altering any files that root owns.
> * Browsers are big and complex. You are trusting the browser, all the
> libraries it includes, all the plug-ins it runs, and all the add-ons
> you have installed, to not have bugs that will overwrite important
> files. If you run as a normal user, the OS will stop programs from
> overwriting anything you do not own.
> * Browsers are constantly fetching untrusted data from the network.
> If someone discovers a bug in firefox, they can trigger it on your
> machine via a maliciously crafted web page.
>
> Sam
>
Original comment by sker...@google.com
on 8 Jul 2009 at 3:05
Fixed in commit r99.
Sam
Original comment by sker...@google.com
on 8 Jul 2009 at 10:17
Original issue reported on code.google.com by
sker...@google.com
on 8 Jul 2009 at 3:03