Comment 2 for bug 26040

In , Steve Langasek (vorlon) wrote : Re: Bug#340284: mozilla-firefox: "su root -c firefox" gives root access to any other firefox loaded.

severity 340284 important
thanks

On Tue, Nov 22, 2005 at 12:36:46PM +0100, S. Thommerel wrote:
> To reproduce this bug:

> su root and then load firefox from the term. Then launch firefox from
> another unrelated and normal user terminal. The newly launched firefox reads root's
> profile and gets root's rights.

This is not true. They are not unrelated; they are associated with the same
display. firefox may not have worked as you expected, but it didn't give
you any more rights than you already had -- this worked because *you* ran su
from an X display that you were already logged into.

If I even just run ssh -CX root@localhost -f firefox instead of su'ing
directly, the firefox profiles are not shared. There is no evidence that
arbitrary users are going to be able to get into root's firefox session this
way.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
<email address hidden>                                   http://www.debian.org/