Ubuntu
firestarter package

Firestarter Help runs Firefox as root

Bug #569 reported by Stuart Bishop
20
Affects Status Importance Assigned to Milestone
firestarter (Ubuntu)
Fix Released
High
MOTU Reviewers Team
Nominated for Feisty by JKFuhrmann
Nominated for Gutsy by JKFuhrmann

Bug Description

Choosing items from the Help menu fires off my preferred webbrowser to load the documentation

Choosing items from the Help menu fires off my preferred webbrowser to load the documentation. Unfortunatelly, as Firestarter is running as root so too is the spawned web browser.

See original description
Daniel Holbach (dholbach)
Changed in firestarter:
assignee: nobody → gnome
Daniel Holbach (dholbach)
Changed in firestarter:
assignee: gnome → motu
sam tygier (samtygier)
Changed in firestarter:
status: Unconfirmed → Confirmed
Revision history for this message
towsonu2003 (towsonu2003) wrote :

to confirm and to add my thoughts:

In Dapper Beta2 LiveCD, Firefox will be launched with root privileges thru Firestarter Help, risking the installation by:

1. opening up the system to firefox bugs
2. user may continue browsing with firefox, not knowing that s/he's browsing with ROOT privileges, opening up the system to firefox vulnerabilities.

Can't we use yelp, or make firestarter launch help with sudo'ing user's privileges?

Revision history for this message
Vassilis Pandis (pandisv) wrote : Patch that fixes this

This patch fixes the problem for me. Please double-check it though, I may have done something stupid. Thanks.

Revision history for this message
Vassilis Pandis (pandisv) wrote : Improvement on previous patch

Don't forget gnome_url_show in preferences.c

Revision history for this message
Vassilis Pandis (pandisv) wrote :

Attached is a debdiff to fix this issue:

firestarter (1.0.3-1.2ubuntu2) edgy; urgency=low

  * Add "GNOME" to .desktop Categories (closes Ubuntu #42452, #42501)
  * Don't run browser as root (closes Ubuntu #569)

 -- Vassilis Pandis <email address hidden> Sat, 12 Aug 2006 04:31:15 +0300

Changed in firestarter:
assignee: motu → motureviewers
Revision history for this message
Barry deFreese (bddebian) wrote :

Uploaded. Please keep an eye out and close as Fix Released if all goes well. Thanks Vassilis.

Changed in firestarter:
status: Confirmed → Fix Committed
Revision history for this message
Vassilis Pandis (pandisv) wrote :

It's released. Thanks for uploading :-)

Changed in firestarter:
status: Fix Committed → Fix Released
Revision history for this message
towsonu2003 (towsonu2003) wrote :

why isn't this going to Dapper? this is a security update... and I don't see apt-get showing a firestarter update here.

Revision history for this message
Barry deFreese (bddebian) wrote :

You are right, this really should get updated in Dapper. I'll look into a security update for it. Thanks.

Revision history for this message
JKFuhrmann (bursar42) wrote :

This bug remains in Feisty. The Help menu continues to launch a web browser as root.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.