>On Mon, 14 Jan 2013 16:13:24 +0100
>Thomas de Roo <[email protected]> wrote:
>
> Hello,
>
> Can somebody explain why the Java-plugin only works when it is a
> symbolic link, but not when it is simply copied
> to /usr/lib/mozilla/plugins?
>
> Groet,
> Thomas
Maybe it's a security hack on behalf of Mozilla.
If the plugin is a file, than the file can be modified by the Firefox
process in the event of an exploit code execution. However, if it is a
link, specifically if it is a link to a root-only part of the tree
(such as /usr ), then the plugin file can not be modified by malicious
code which may take over Firefox.
If the file was physically present in a Firefox writable directory,
there would be no way to protect the file. However, if the file is in a
directory Firefox can not modify, setting the permission flags on the
plugin file will have a permanent effect in policing permissions.
--
You don't need an AI for a robot uprising.
Humans will do just fine.
--Skynet
--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
