On Tue, Dec 12, 2000 at 02:12:20PM -0300, Sebastian Silva wrote: > The thing is the default permissions for /usr/lib/mozilla are too tight. No, they're fine, Mozilla is just horrid about multiuser systems. > Mi solution was simply to give it all the permissions it wants (of > course > NOT setuid). This becomes a MAJOR MAJOR security risk; now anyone can install a trojan XPI file. > Could somebody tell us what the right permissions are? 755 for the directory, 755 (for binaries/scripts/libraries) and 644 (for configuration files). Mozilla unfortunately does not work well on multiuser systems. The Netscape engineers know this, and say instead to unpack it in every user's home directory. This is an equally bad solution. See http://bugzilla.mozilla.org/show_bug.cgi?id=41057. They liken installing XPI files to installing mod_perl (I'll let you judge the validity of comparing a web server module to a nearly mandatory end-user application). http://bugzilla.mozilla.org/show_bug.cgi?id=56429 is the same issue, but on Win2k. -- - Joe "piman" Wreschnig <piman@sacredchao.net> - http://www.sacredchao.net He who fights and runs away lives to run another day. -><-
Attachment:
pgpPrhSFQ5GFN.pgp
Description: PGP signature