A PC Magazine story examines the conventional wisdom of Firefox’s reputation for security (compared to IE) and finds that it’s probably more secure, but that it’s not so simple to just say so.
From the article:
“And there are security problems in version 1.0.1 already, even if there are no advisories for them yet. For instance, on a multiuser machine, such as a Linux system, if one user running as root starts Firefox, and another non-root user starts Firefox, that non-root user’s instance of Firefox gains root privileges (bugzilla.mozilla.org/show_bug.cgi?id=247412).”
Now I am glad that someone found this bug. However, surfing as root? Now, come on, people should know better.
Now I am glad that someone found this bug. However, surfing as root? Now, come on, people should know better.
Right! I was just going to mention that the main benefit of Firefox on Windows is that you’re not using a piece of software that has ties deep into the kernel (apparently).
On my linux machine, though, I have never even considered surfing as root. Is there a legitimate reason to???
Who the heck is surfing as root??
“And unlike Microsoft, when Mozilla fixes a bug it doesn’t release a patch for users. If you want to stick to release-level programs, your only option is to wait for the next general release; the upgrade to version 1.0.1 from 1.0 took about 3.5 months”
I guess you gotta do that with Microsoft, you simply wait until the next patch comes out after 6 months and the patch released from Microsoft usually contains more vulnerabilities than before, so what I usually do is prohibit my IE and never use it, even if my FireFox can’t render it accurately.
It’s exactly like my WinXP, I’ve read somewhere saying that SP2 has more serious vulnerabilities fixed in SP1 but brings even more serious vulnerabilities. If you patched it to SP2 and you don’t have problems, it’s just because you are lucky.
My two cents.
You mean apart from the adrenalin rush. And being able to tell your friends how wild and crazy you are.
Sorry, I don’t have a real answer.
An idiot like me, on the personal unit, doing some system maintenance, goes to a known site to check a fact or pull down a tarball or something.
Anonymous: “And there are security problems in version 1.0.1 already, even if there are no advisories for them yet. For instance, on a multiuser machine, such as a Linux system, if one user running as root starts Firefox, and another non-root user starts Firefox, that non-root user’s instance of Firefox gains root privileges (bugzilla.mozilla.org/show_bug.cgi?id=247412).”
This is not a problem with Firefox specifically; it’s a problem with the ability of Linux to properly isolate a user session.
To be clear on this, it is the business of the underlying operating system to prevent privilege escalation not applications running on top.
To be clear on this, it is the business of the underlying operating system to prevent privilege escalation not applications running on top.
I believe that really depends on what method of IPC the processes are talking in. I mean, if mysqld is running as root, certainly it is not the OS’s job to not allow a non-root process to have access to root-only things.
In Firefox’s case, I’m not sure who is to blame, but if they are running as separate instances and using shared memory or the like, it’s the Firefox team’s fault, and probably why they have it marked as -their- bug.
But he didn’t say anything. For such a thesis; I expect more like 4 pages of text.
who is going to surf as root?
probably the same people that run with scissors in their hands.
i had to say it.
People RFBR
(Read the f* bug report)
As I understand the bug correctly:
The bug says that Firefox is started as ROOT and ‘NON ROOT’ at THE SAME DISPLAY. Because of “THE SAME DISPLAY”, it is very hard to exploit. Think about why.
In a normal secure system you can’t open firefox on a display from another user. So the only way to exploit this bug is to go to the terminal itself and start firefox as non root. If you have physical access to a terminal, there are easier ways to hack the system than through firefox.
“is the business of the underlying operating system”
Nope. The point is that when firefox detects that firefox is already running at a display, it asks the running process to create a new window. This is used because no two instances can access the preferences at the same time. This has nothing to do with the OS.
this is a good example of a “journalist” waking up one day to find a security announcements page on moz.org, and decided to make up a story about it.
#1) firefox has a whitelist for what sites can install XPIs, ie does not
#2) firefox has an autoupdater that could be leveraged for critical patches in the future. ie does not.
#3) firefox is an app, not part of the operating system. firefox bugs are nowhere near as devastating as ie bugs.
#5) activex has been proven to be a terrible implementation of a good idea. the jury is still out on firefox, but it’s kinda hard to imagine anything as dangerous to the end user.
the only reason for firefox to ever suck as bad as ie is if the mofo decides to stop working on it for a decade.
#2) firefox has an autoupdater that could be leveraged for critical patches in the future. ie does not.
Sure IE has one, it’s called “Windows Update”. It’s also quite a bit more effective.
I think the firefox updater is a horrible horrible design. The update icon is tiny, and it downloads the entire program again instead of a patch! If I didn’t know that it would appear, I probably would never have noticed the addition of that little icon.
What it should do, is pop up a dialog saying “Critical updates available”, and then download the few KB patch.
Many apps do the autoupdate thing correctly, firefox is definitely not one of them.
>Sure IE has one, it’s called “Windows Update”. It’s also quite a bit more effective.
If you want to play hard then you should know that Firefox has more updaters: up2date, swaret, apt-get etc.
But I won’t go that route, it shows, because IE is so tightened to the OS, how insecure Windows is. And about effectivity, hmmmmmm, I don’t restart my computer after I update my Firefox to the next version via swaret.
“If you want to play hard then you should know that Firefox has more updaters: up2date, swaret, apt-get etc.”
Yes, sorry, I meant on Windows. Should have clarified that. A system wide package manager is superior to every app rolling their own updater anyway.
@mattb
To be fair, I do think they’re planning on changing it to download patches in the near future.
Wow, what a fair, balanced, objective article that was! Well done that man.
Giving root permission to users just because the root runs Firefox is an extremely serious problem. I don’t know why people feel like they should be making excuses for open source companies when they would never do the same for proprietary applications. True, a root user would not “surf the web”. However, could a root user possibly use Firefox to admin Samba or a million other stuff? If you aren’t allowed to run anything as root, then why even have the account?
Because anyone can write extensions, I’m afraid.
Also if Firefox becomes mainstream, virus writers might start targeting it.
(Please don’t ban me Eugenia)
Yeah, Firefox is really good… Too bad it screwed my bookmarks for the fourth time this month. I guess only quality software can do that.
What it should do, is pop up a dialog saying “Critical updates available”, and then download the few KB patch.
Possible, but not a good idea for Firefox on Windows. Let me clarify this point. Firefox is open source, and thus there is more than one binary available. For instance if you install a http://moox.ws/tech/mozilla/firefox.htm moox then there is a good chance that a patch will bork things up from mozilla.org. Unless you can ensure that everyone modifies the updater in the code to get patches from elsewhere then the safest way to ensure coherency is to reinstall the entire package.
Since all preferences and extensions are stored in a personal profile, this doesn’t lead to any issues with Firefox on Windows. What’s the big deal anyways? Most people are on broadband anyways, and the ones that aren’t should be able to wait the five minutes it takes to download a 4 meg installer to protect themselves against identity theft and the like.
On the Linux end, you can either install the latest, compile from source or update via system wide package manager.
I see this affecting one kind of person, ignorant. On most secure oses I have used running as root takes an extra step and has warnings in all the documentation that came with the system.
I was going to say two types, the second being those that run an os where the default user is a root user, but firefox being exploited is the least of your concerns if you always run as root by default. On that os every app could be a risk. Someone may use email, networking protocols, or even a script in a web page to do something to your pc.
(Note my intentional refrain from name calling. Still, with me naming no one in particular, anyone have an idea of how many oses fit the description?)
Giving root permission to users just because the root runs Firefox is an extremely serious problem. I don’t know why people feel like they should be making excuses for open source companies when they would never do the same for proprietary applications. True, a root user would not “surf the web”. However, could a root user possibly use Firefox to admin Samba or a million other stuff? If you aren’t allowed to run anything as root, then why even have the account?
Ummm…Yes, I agree. IE, though, which is what we’re comparing Firefox to in this instance, is integrated into the NT5 kernel (apparently). Which is worse?
IE is always running in such a way that can compromise your PC right down to the core. Firefox is not.
We’re talking about Firefox on one platform (Linux) in a very special instance (a normal user running Firefox to browse the web while a root user uses firefox to administrate the system). I’m not saying it’s not a problem, I’m saying it’s a small one, in terms of instances in which it comes into play. And when it does come into play, Firefox on Linux could be considered to be as insecure as IE on Windows in MOST instances, couldn’t it?
Why do Open Source companies get so much flak for what MS can simply explain away? The core of this argument is that MS cannot create a version of Windows without IE integrated. W…T…F?!?!?
I seem to remember some sort of court goings-on that broached this issue?
Giving root permission to users just because the root runs Firefox is an extremely serious problem. I don’t know why people feel like they should be making excuses for open source companies when they would never do the same for proprietary applications. True, a root user would not “surf the web”.
The problem is not with Firefox, it’s with using “su” to execute Firefox as root which elevates privileges but doesn’t change the variables to specify this is running as root.
The problem here is that when you execute Firefox only one instance can access your profile. If you “su” then the login shell still belongs to the user (as opposed to “su -l”), thus uses the user’s Firefox profile. Executing a subsequent Firefox will have the existing Firefox spawn another Window from the same process instance. This is NOT two Firefox processes both running as root, this is one Firefox process opening two Windows. This is not an exploit. Firefox doesn’t magically make a second root process!
However, could a root user possibly use Firefox to admin Samba or a million other stuff? If you aren’t allowed to run anything as root, then why even have the account?
A regular user account with Firefox could be used to admin Samba. There is no need to do user level stuff as root, ever! The account is there to elevate privileges when necessary. The root account on *NIX is not there to properly run badly written applications like Administrator is on Windows. Different paradigms require different usage patterns, and *NIX is specifically written with multi-user (read non-admin) use in mind.
Possible, but not a good idea for Firefox on Windows. Let me clarify this point. Firefox is open source, and thus there is more than one binary available. For instance if you install a http://moox.ws/tech/mozilla/firefox.htm moox build then there is a good chance that a patch will bork things up from mozilla.org.
The updater simply has to check the md5sum of the exe. If it matches the mozilla exe, send a patch, if not, send a full install.
And anyway, the people running moox are the geeks out there. Normal users run the standard mozilla.org install.
benn: “Ummm…Yes, I agree. IE, though, which is what we’re comparing Firefox to in this instance, is integrated into the NT5 kernel (apparently). Which is worse?”
1. IE is not integrated into the windows Kernel, whoever told you that is an idiot or a liar.
2. IE is simply an application which integrates itself into the GUI Shell (Explorer.exe) like many other applications can and do…
Tip if you didn’t know already: When the story comes from PC Magazine or other Ziff-Davis publications, expect that it will be thin on content, long on hype, and uninformed on opinions.
True, it might be informative. It might be well researched. It might not have a sensationalist hype spin to it. …yet, these positive attributes are not the norm for PC Magazine or ZD in general. It’s been a decade since I’ve read anything they put out that made me think ‘Wow, that was good, fair, and useful’.
1. IE is not integrated into the windows Kernel, whoever told you that is an idiot or a liar.
And yet MS were able to have IE kept integrated into the OS at the very least, with ties going deep, even in the face of the DOJ rulings.
2. IE is simply an application which integrates itself into the GUI Shell (Explorer.exe) like many other applications can and do…
Then why has MS argued successfully that IE cannot be removed from the OS without compromising it?
1. IE is not integrated into the windows Kernel, whoever told you that is an idiot or a liar.
2. IE is simply an application which integrates itself into the GUI Shell (Explorer.exe) like many other applications can and do…
So, Microsoft lied when they said that IE could not be removed from Windows?
BTW, point taken on the kernel integration point, I was wrong.
“A regular user account with Firefox could be used to admin Samba. There is no need to do user level stuff as root, ever! The account is there to elevate privileges when necessary. The root account on *NIX is not there to properly run badly written applications like Administrator is on Windows. Different paradigms require different usage patterns, and *NIX is specifically written with multi-user (read non-admin) use in mind.”
I know it can, but let’s say you are using a combination of tools to admin the system. Let’s go even further and say you are busy troubleshooting the system. You have ten terminals open, fifteen different applications running to monitor various parts of the system, and you have Firefox open for the fast gui config of things. Maybe you should su into everything. But come on, do you really want to worry about su when your server is down. Besides, it’s not like you will be leaving your enterprise. Heck, you most likely won’t leave the system. Should you really worry about SU? I know you will say “YES”, but I thought Linux was supposed to be secure. There are workarounds but never running Firefox as root is a bit ridiculous. Exactly which programs are safe to run as root?
Surfing as root is under Linux not a problem, but a XP user :rolleyes
If even software like Nero is made 4 Admins and u have 2 install no-admin-rights I don’t wonder, that we have the security problems.
I’m not trolling. I’ve got serious issues with FF – memory leaks and getting all resources (on win 2k and debian).
It occurs in different situations so i can’t really check what and when smth goes wrong.
“I’m not trolling. I’ve got serious issues with FF – memory leaks and getting all resources (on win 2k and debian).
It occurs in different situations so i can’t really check what and when smth goes wrong.”
As an experiment, turn off Flash. I’ve found most fragility and memory problems with Firefox vanish when Flash is disabled.
(I know, not much of an option these days, though to me it does show the likely reason for the problems.)
Generally, I like the feel of Firefox, but after twice losing my bookmarks, and having it crash many times probably due to memory usage (over 300mb sometimes) I’ve returned to Opera.
I do wish Firefox well, and if they can sort out these problems then it will be my main browser again, particularly as Opera seems to take an eternity to load up on my Windows 2000 box.
As for security, the nature of browsing these days seems to have an inherent risk.
“We’re talking about Firefox on one platform (Linux) in a very special instance (a normal user running Firefox to browse the web while a root user uses firefox to administrate the system).”
It’s more restricted than that: the user who can ‘exploit’ it has to be the SAME user who is already running firefox as root on the same display.
That is, if you don’t already have a root-owned firefox window open on your display, you can’t ‘exploit’ it. And if you do… well, you could just use that window instead!
The only risk I can see is that you might not realise that your new firefox window has the same root privs as the existing one, since you started it as a normal user, not as root.
I have run 2 instances of firefox on a single terminal of FreeBSD before and each one was different. Different histories and bookmarks. Root has its own preferences file if I am not mistaken. Would firefox have the bug under these circumstances, and is linux the same way? Does its root account have its own home dir that would hold a different copy of the preferences file?
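Added example, not part of any comment above: several posts say the exposure exists only while a root-owned Firefox is already open on a display. The sketch below is an audit for that condition on Linux, listing browser processes whose effective UID is 0 together with the X display they are attached to. The process names in `BROWSER_NAMES` and the function name `root_browsers` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report browser processes running with effective UID 0 and
# the DISPLAY they were started with. The proc root is a parameter so the
# function can also be run against a constructed directory tree.

# Assumed browser process names; adjust to the binaries installed locally.
BROWSER_NAMES="firefox firefox-bin mozilla-bin"

root_browsers() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        # status holds "Name:<tab>comm" and "Uid:<tab>real<tab>effective ..."
        name=$(awk '$1 == "Name:" { print $2; exit }' "$dir/status")
        euid=$(awk '$1 == "Uid:" { print $3; exit }' "$dir/status")
        [ "$euid" = "0" ] || continue
        case " $BROWSER_NAMES " in
            *" $name "*) ;;
            *) continue ;;
        esac
        # environ is NUL-separated and may be unreadable without privileges.
        display=""
        if [ -r "$dir/environ" ]; then
            display=$(tr '\0' '\n' < "$dir/environ" |
                      sed -n 's/^DISPLAY=//p' | head -n 1)
        fi
        # Output: PID, process name, display (or "unknown").
        printf '%s %s %s\n' "${dir##*/}" "$name" "${display:-unknown}"
    done
}
```

Run `root_browsers` as root with no argument to scan the live `/proc`; any line it prints is a browser that should be closed and restarted under an unprivileged account.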