>On Mon, 14 Jan 2013 18:15:29 +0100
>Aleksandar Kuktin <[email protected]> wrote:
>
> >On Mon, 14 Jan 2013 16:13:24 +0100
> >Thomas de Roo <[email protected]> wrote:
> >
> > Hello,
> >
> > Can somebody explain why the Java-plugin only works when it is a
> > symbolic link, but not when it is simply copied
> > to /usr/lib/mozilla/plugins?
> >
> > Groet,
> > Thomas
>
> Maybe it's a security hack on behalf of Mozilla.
>
> If the plugin is a file, than the file can be modified by the Firefox
> process in the event of an exploit code execution. However, if it is a
> link, specifically if it is a link to a root-only part of the tree
> (such as /usr ), then the plugin file can not be modified by malicious
> code which may take over Firefox.
>
> If the file was physically present in a Firefox writable directory,
> there would be no way to protect the file. However, if the file is in
> a directory Firefox can not modify, setting the permission flags on
> the plugin file will have a permanent effect in policing permissions.
>
Woops. You asked about /usr/lib/mozilla/plugins, and I told you
about ~/.mozilla/(...)/plugins.
Maybe the same code handles both paths?
--
You don't need an AI for a robot uprising.
Humans will do just fine.
--Skynet
--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
