Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-16 Thread Curt
On 2024-04-16, John Crawley  wrote:
>>>>> If you do not trust Gmail as a web application, use a mail application
>>>>> that supports IMAP.
>>>>
>>>> Gmail supports IMAP since more or less forever.
>>>
>>> AIUI the OP's problem was not when reading mail, but with mail
>>> submission of attachments.
>> 
>> And in what way does that affect a true statement and a phraseology that
>> clearly implies a nonexistent incompatibility?
>
> Loosen the interpretation of Max Nikulin's statement slightly:
> "If you do not trust Gmail as a web application, use any mail application 
> that supports IMAP"
> and it makes sense.
>

I've just loosened it.





Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-16 Thread Curt
On 2024-04-16, Max Nikulin  wrote:
>>>>> If you do not trust Gmail as a web application, use a mail application
>>>>> that supports IMAP.
>>>>
>>>> Gmail supports IMAP since more or less forever.
>>>
>>> AIUI the OP's problem was not when reading mail, but with mail
>>> submission of attachments.
>> 
>> And in what way does that affect a true statement and a phraseology that
>> clearly implies a nonexistent incompatibility?
>
> I am completely lost. Mail messages (with attachments) may be submitted 

It would've been clearer to have advised using another mail application,
period, if the OP didn't trust Gmail. But the manner in which you
phrased your advice implied that Gmail was a "web application" that
didn't support IMAP, which is false, so I piped up (or is it in?) in my
admittedly somewhat oblique (to the matter at hand) manner.

But no harm, no foul, and all is well. The only real mystery is how
Tomas resisted getting yet another lick in against Gmail and Google, et
al.






Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-15 Thread David Wright
On Mon 15 Apr 2024 at 18:52:33 (-), Curt wrote:
> On 2024-04-15, David Wright  wrote:
> > On Sun 14 Apr 2024 at 14:24:29 (-), Curt wrote:
> >> On 2024-04-04, Max Nikulin  wrote:
> >> >
> >> > If you do not trust Gmail as a web application, use a mail application 
> >> > that supports IMAP.
> >> >
> >> 
> >> Gmail supports IMAP since more or less forever.
> >
> > AIUI the OP's problem was not when reading mail, but with mail
> > submission of attachments.
> 
> And in what way does that affect a true statement and a phraseology that
> clearly implies a nonexistent incompatibility?

It doesn't, and wasn't intended to. The OP was worried about security
of the attachment process during mail submission. IMAP is not involved.

I'm told that gmail offers an SMTP interface, but I don't know how
well it works, or its pros and cons. That's why I wrote "the OP's
problem was … with mail submission …", in case that had got forgotten
with the thread drifting across to the topic of reading emails.
Clearer?

Cheers,
David.



Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-15 Thread Max Nikulin

On 16/04/2024 01:52, Curt wrote:
> On 2024-04-15, David Wright wrote:
>> On Sun 14 Apr 2024 at 14:24:29 (-), Curt wrote:
>>> On 2024-04-04, Max Nikulin wrote:
>>>> If you do not trust Gmail as a web application, use a mail application
>>>> that supports IMAP.
>>>
>>> Gmail supports IMAP since more or less forever.
>>
>> AIUI the OP's problem was not when reading mail, but with mail
>> submission of attachments.
>
> And in what way does that affect a true statement and a phraseology that
> clearly implies a nonexistent incompatibility?

I am completely lost. Mail messages (with attachments) may be submitted
to gmail using SMTP. Certainly it is possible to use different
applications to read and to send mails, but by default I assume that
users seek for a complete solution. I had a hope that my suggestion to
use some mail user agent that supports IMAP was clear enough. I expect
that most of them (at least widespread) support submission of mail as well.


Use code you trust and protocols having specifications available.

I admit that some users have troubles with OAuth2 authentication in 
various MUAs or with enabling application-specific passwords for their 
google account.





Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-15 Thread John Crawley

On 16/04/2024 03:52, Curt wrote:
> On 2024-04-15, David Wright wrote:
>> On Sun 14 Apr 2024 at 14:24:29 (-), Curt wrote:
>>> On 2024-04-04, Max Nikulin wrote:
>>>> If you do not trust Gmail as a web application, use a mail application
>>>> that supports IMAP.
>>>
>>> Gmail supports IMAP since more or less forever.
>>
>> AIUI the OP's problem was not when reading mail, but with mail
>> submission of attachments.
>
> And in what way does that affect a true statement and a phraseology that
> clearly implies a nonexistent incompatibility?


Loosen the interpretation of Max Nikulin's statement slightly:
"If you do not trust Gmail as a web application, use any mail application that 
supports IMAP"
and it makes sense.

--
John



Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-15 Thread Curt
On 2024-04-15, David Wright  wrote:
> On Sun 14 Apr 2024 at 14:24:29 (-), Curt wrote:
>> On 2024-04-04, Max Nikulin  wrote:
>> >
>> > If you do not trust Gmail as a web application, use a mail application 
>> > that supports IMAP.
>> >
>> 
>> Gmail supports IMAP since more or less forever.
>
> AIUI the OP's problem was not when reading mail, but with mail
> submission of attachments.

And in what way does that affect a true statement and a phraseology that
clearly implies a nonexistent incompatibility?

> Cheers,
> David.
>
>






Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-15 Thread David Wright
On Sun 14 Apr 2024 at 14:24:29 (-), Curt wrote:
> On 2024-04-04, Max Nikulin  wrote:
> >
> > If you do not trust Gmail as a web application, use a mail application 
> > that supports IMAP.
> >
> 
> Gmail supports IMAP since more or less forever.

AIUI the OP's problem was not when reading mail, but with mail
submission of attachments.

Cheers,
David.



Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-14 Thread Curt
On 2024-04-04, Max Nikulin  wrote:
>
> If you do not trust Gmail as a web application, use a mail application 
> that supports IMAP.
>

Gmail supports IMAP since more or less forever.



Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-04-03 Thread Max Nikulin

On 31/03/2024 22:35, David Wright wrote:
> On Sun 31 Mar 2024 at 09:42:37 (+0300), Antti-Pekka Känsälä wrote:
>> But I'm worried my Gmail in Firefox is capable of stealing
>> files off my USB stick.
>
> I've no answer for that, particularly in view of Max's reply
> to my previous post.
>
> I've always copied files to and from USB sticks, floppy disks, CDs,
> etc, using the hard disk as a staging area.

I think it is a reasonable approach when combined with other measures.

Frankly speaking, I am not convinced that there is something weird with
Gmail and Firefox.

If you do not trust Gmail as a web application, use a mail application
that supports IMAP.

Isolate applications you do not trust and do not expose your private
files to them. There are a number of possibilities, but none is perfect:

- multiple system users and file permissions combined with ACLs
- virtual machines
- mount, user and other namespaces, e.g. the following options
  - containers
  - tools like firejail and bubblewrap
  - flatpak and snap (designed for some kind of isolation, but I am unsure
    if it may be configured to specific needs)


Mount a USB drive to a trusted environment and copy specific files to a 
location available to a suspicious application.
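
Added example, not part of any message in this thread: one way to do the "copy specific files to a location available to a suspicious application" step from the message above. The function name `stage_files` and the directory layout are assumptions made for the illustration; it assumes the untrusted application runs as the same user inside a sandbox that is shown only the staging directory.

```shell
#!/bin/sh
# stage_files STICK STAGING FILE...
# Copy only the named regular files from the mounted stick STICK into
# STAGING, the one directory the untrusted application will be shown.
# "stage_files" and the paths are made up for this example; needs GNU
# coreutils (realpath -e, install), as shipped by Debian.
stage_files() {
    src=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    dst=$2
    shift 2
    mkdir -p "$dst" || return 2
    rc=0
    for name in "$@"; do
        # Resolve symlinks first: a link on the stick may point at a
        # private file elsewhere, which must not land in the staging area.
        real=$(realpath -e -- "$src/$name" 2>/dev/null) || {
            echo "skipped (not found): $name" >&2; rc=1; continue; }
        case $real in
            "$src"/*) ;;
            *) echo "refused (resolves outside the stick): $name" >&2
               rc=1; continue ;;
        esac
        [ -f "$real" ] || {
            echo "refused (not a regular file): $name" >&2; rc=1; continue; }
        # Fresh copy owned by the caller, mode 0600, no exec or setuid bits.
        install -m 0600 -- "$real" "$dst/$(basename -- "$name")" || rc=1
    done
    return "$rc"
}

# Stand-alone use: sh stage.sh /media/foo ~/staging report.pdf
if [ "$#" -ge 3 ]; then stage_files "$@"; fi
```

Once the copy is done the stick can be unmounted before the browser is started, so the browser never has the mount point in view.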




Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-31 Thread Antti-Pekka Känsälä
I filed bug report 1068122. I feel fine, despite my concern over my data.
Heartfelt thanks for all the advice!


Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-31 Thread David Wright
On Sun 31 Mar 2024 at 09:42:37 (+0300), Antti-Pekka Känsälä wrote:
> I'm mounting and unmounting through the stick icon's menu on Xfce desktop.
> Maybe a fancy file chooser dialogue stays around analyzing the directory,
> as you suspect? But I'm worried my Gmail in Firefox is capable of stealing
> files off my USB stick.

I've no answer for that, particularly in view of Max's reply
to my previous post.

I've always copied files to and from USB sticks, floppy disks, CDs,
etc, using the hard disk as a staging area. That habit developed
thirty years ago on account of (others') experience with Windows,
and the "stickiness" of its file choosers. This could lead to
problems when you attempted to renavigate to files, but hadn't got
the same devices plugged in as previously.

That's not much help to you because by doing that, you'd merely be
exposing your hard drive instead for analysis, to Firefox, or
worse, possibly to Gmail.

I run two instances of Firefox as a matter of course. One user's
instance is used for banking and other administrative tasks.
The other user's is for everything else. The latter is unable
to read any of the former's files. (Some people use different
machines to the same end.)

Cheers,
David.



Re: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-31 Thread Antti-Pekka Känsälä
I'm mounting and unmounting through the stick icon's menu on Xfce desktop.
Maybe a fancy file chooser dialogue stays around analyzing the directory,
as you suspect? But I'm worried my Gmail in Firefox is capable of stealing
files off my USB stick.


Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-31 Thread Max Nikulin

On 31/03/2024 11:46, David Wright wrote:
> Double-clicking on the directory
> mounts it and displays the files in it. Opening a text file
> displays it. At least for a small file, FF does not hold the
> file open, so I can immediately unmount the stick.


Gmail may do something more fancy
- https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file
- https://developer.mozilla.org/en-US/docs/Web/API/File_System_API

I am not surprised that the device is busy for some interval of time.



Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread David Wright
On Sat 30 Mar 2024 at 21:06:27 (+0200), Antti-Pekka Känsälä wrote:
> I was able to replicate this, by trying to send gmail to myself in Firefox,
> attaching a binary on a mounted USB stick.

Did you mount the stick yourself as a user (ie there's an
fstab entry for it), or as root, or does an automounter
mount it for you?

> After the attachment supposedly
> was uploaded, I tried to unmount the stick, but it blocks. "lsof | grep -i
> KINGSTON" then shows a total of 129 lines from "x-www-browser". This lasted
> for about a minute, then the drive unmounted by itself.

This is the behaviour I see, where (1) inserting a stick creates
a mountpoint and (2) that mountpoint is referenced in /etc/fstab:

After typing Ctrl-O in Firefox, I navigate to /media/foo (the
mountpoint that was created). Double-clicking on the directory
mounts it and displays the files in it. Opening a text file
displays it. At least for a small file, FF does not hold the
file open, so I can immediately unmount the stick. That may
differ if, for example, a mail MUA or MTA is taking a lot of
time to process an attached file.

So I suspect you may be relying on an automounter to mount the
stick, and you have to wait for a period of inactivity to time
out before it decides you've probably finished with it.

Cheers,
David.



Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread David Christensen

On 3/30/24 08:17, Antti-Pekka Känsälä wrote:
> What could be the deal, when Firefox tries to stop me from unmounting a
> stick, after I've accessed files on it through Firefox?  I worry about my
> stick security.  Thanks.



Linux knows what files are open on each file system.  If you try to 
unmount a file system with open files or eject a mounted USB drive with 
open files, Linux will refuse and your desktop environment will display 
a suitable error dialog.  This is a feature, not a bug.



The solution is to close all the files on the file system, and then 
unmount it.



David
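
Added example, not part of any message in this thread: the kernel's record of open files, which the message above refers to and which lsof reads, is visible under /proc. The function name `holders` is made up for the illustration; it lists every process whose working directory or open descriptor lies under a given mount point.

```shell
#!/bin/sh
# holders DIR: list processes that keep DIR's file system busy.
# Output: one "PID COMMAND KIND PATH" line per open descriptor or working
# directory under DIR. "holders" is a name made up for this example.
# Linux only (reads /proc); run as root to see other users' processes.
holders() {
    mp=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    for p in /proc/[0-9]*; do
        pid=${p#/proc/}
        comm=$(cat "$p/comm" 2>/dev/null) || continue
        # A working directory pins a file system just like an open file.
        for link in "$p/cwd" "$p"/fd/*; do
            target=$(readlink "$link" 2>/dev/null) || continue
            case $target in
                "$mp" | "$mp"/*) ;;
                *) continue ;;
            esac
            case $link in
                */cwd) kind=cwd ;;
                *) kind=fd${link##*/} ;;
            esac
            printf '%s %s %s %s\n' "$pid" "$comm" "$kind" "$target"
        done
    done
    return 0
}

# Stand-alone use: sh holders.sh /media/foo
if [ "$#" -gt 0 ]; then holders "$1"; fi
```

An empty result means no process visible to the caller has a descriptor or working directory there; memory-mapped files, which lsof also reports, are not covered by this sketch.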




Re: Re: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread Antti-Pekka Känsälä
I'd just like to add that I have seen the problem despite reinstalls with
Debian stable minor versions. Thanks!


Re: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread tomas
On Sat, Mar 30, 2024 at 07:32:16PM +0200, Antti-Pekka Känsälä wrote:
> Yes, closing Firefox does allow the stick to unmount cleanly, but I still
> worry.

To get an idea of what's going on, you can use "lsof":

  tomas@trotzki:~$ lsof /dev/sda1
  COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
  bash    3982 tomas  cwd    DIR    8,1     4096    2 /boot
  hexdump 4056 tomas    0r   REG    8,1 33464584   28 /boot/initrd.img-5.10.0-26-amd64
  hexdump 4074 tomas    0r   REG    8,1  7044672   27 /boot/vmlinuz-5.10.0-26-amd64

There are three processes accessing my /dev/sda1 ("aka" /boot). I put
them there to have something to show :-)

Cheers
-- 
t




Re: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread Antti-Pekka Känsälä
I can replicate this, by trying to send Gmail to myself in Firefox,
attaching a binary on a mounted USB stick. After the attachment supposedly
was uploaded, I tried to unmount the stick, but it blocked. "lsof | grep -i
KINGSTON" then shows a total of 129 lines from "x-www-browser". This lasted
for about a minute, then the drive unmounted by itself.


Re: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread Antti-Pekka Känsälä
I was able to replicate this, by trying to send gmail to myself in Firefox,
attaching a binary on a mounted USB stick. After the attachment supposedly
was uploaded, I tried to unmount the stick, but it blocks. "lsof | grep -i
KINGSTON" then shows a total of 129 lines from "x-www-browser". This lasted
for about a minute, then the drive unmounted by itself.


Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread Charles Curley
On Sat, 30 Mar 2024 17:17:52 +0200
Antti-Pekka Känsälä  wrote:

> What could be the deal, when Firefox tries to stop me from unmounting
> a stick, after I've accessed files on it through Firefox?  I worry
> about my stick security.  Thanks.

It sounds like Firefox has a file open on the stick. To check this, run
something like

lsof | grep -i offsite

where offsite is in the path to the stick.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/



Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread Cindy Sue Causey
On Sat, Mar 30, 2024 at 1:19 PM gene heskett  wrote:
>
> On 3/30/24 11:36, Antti-Pekka Känsälä wrote:
> > What could be the deal, when Firefox tries to stop me from unmounting a
> > stick, after I've accessed files on it through Firefox?  I worry about
> > my stick security.  Thanks.
>
> Since this is normally a root operation, I'm confused. Likely what it
> means is that you have an open write path from firefox to the stick that
> has not been properly closed. I get into a similar state working with
> u-sd's using mc to edit something I have used mc to cd to, and forget to
> cd back out of the u-sd before I eject the card to take it to its proper
> home in a pi clone. Possibly fixed by stopping firefox first?


The other thing I try with this is to run something like:

$ mount|grep sda2

The "sda2" can be replaced with whatever else is involved. That filters out a
hopefully small(er) list to show if something is unusually mounted. Running
"mount" alone opens up the whole list.

Going that route helped me in chroot a couple days ago. An unbelievable number
of /proc, /sys, /dev, and /dev/pts mount points appeared. I only manually
mounted them once each. Manually umount'ing each point until none were left
fixed whatever trouble that seemed to inflict on apt-get.

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *



Re: Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread Antti-Pekka Känsälä
Yes, closing Firefox does allow the stick to unmount cleanly, but I still
worry.


Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

2024-03-30 Thread gene heskett

On 3/30/24 11:36, Antti-Pekka Känsälä wrote:
> What could be the deal, when Firefox tries to stop me from unmounting a
> stick, after I've accessed files on it through Firefox?  I worry about
> my stick security.  Thanks.


Since this is normally a root operation, I'm confused. Likely what it 
means is that you have an open write path from firefox to the stick that 
has not been properly closed. I get into a similar state working with 
u-sd's using mc to edit something I have used mc to cd to, and forget to 
cd back out of the u-sd before I eject the card to take it to its proper 
home in a pi clone. Possibly fixed by stopping firefox first?


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis