| 2009-12-10 22:17:58 |
kpk187 |
description |
Binary package hint: unetbootin
This affects Ubuntu 9.10
The installed package version is "356-1"
Using the Ubuntu Software Center I installed UNetbootin. After the installation was done, I started UNetbootin from under System Tools in the Applications menu. The administration dialog asking for my user password appeared, I entered my password and UNetbootin started.
When I chose FreeBSD from the Distribution drop-down box and clicked the homepage link, I expected Firefox to open that website under my user account (which has all of my bookmarks and configuration). What happened instead was Firefox opened that web page like it was first started on a new user account. I thought Firefox might have started as root, so I bookmarked the FreeBSD homepage (which I had not bookmarked before) then closed Firefox and UNetbootin. I then started Firefox from the the Applications menu and had all of my configuration back but did not have the FreeBSD page in my bookmarks. I closed Firefox then opened a terminal window and entered "gksudo firefox" which I think should start Firefox as the root user. The administration dialog did not appear this time (maybe because I entered my password before), Firefox started like it did from UNetbootin, and the FreeBSD bookmark was there.
There is also a .mozilla directory in the /root folder, so I suspect that UNetbootin is starting Firefox as the root account, which I'm told is a security risk. I have also never started Firefox as root before today. Even if this is not a security risk, it is still a minor annoyance not having my bookmarks, add-ons, and configuration when I open links from UNetbootin.
This bug should be reproducible on fresh install of Ubuntu 9.10 with all updates installed before November 1st. |
Binary package hint: unetbootin
I am running Ubuntu 9.10 i386
The installed package version of unetbootin is "356-1"
The installed package version of unetbootin-translations is "356-1"
In unetbootin, if I click any of the webpage links, Firefox is launched with root privileges. Running a web browser as the root user can be a security risk.
To reproduce this bug:
(Assuming Firefox is set as your default web browser)
1. Launch unetbootin then click any of the webpage links. (this should start Firefox)
2. In the Gnome System Monitor, switch to the process tab and select All Processes from the View menu.
3. Go to Edit > Preferences and under Information Fields check the "User" box.
4. In the list of running processes you should see an instance of Firefox with the user column saying root.
|
|
