[Bug 1174007] Re: release upgrader launches browser as root

Jed Davis 1174007 at bugs.launchpad.net
Wed Apr 4 02:21:50 UTC 2018 

FYI, this is going to break in Firefox 60.

Running Firefox like this (as root in a non-root user's session) has
never officially been supported, due to the risk of creating root-owned
files that the user can't delete, potentially being a privilege
escalation vector, etc.  However, this hasn't been enforced.

Until now.  There are sandboxing changes coming in 60 that will, as a
side effect, break "sudo firefox"-type use.  Currently the browser UI
will start but fail to load anything, but that's not very helpful for
understanding what went wrong, so the plan is to refuse to start and
print an error message; see
https://bugzilla.mozilla.org/show_bug.cgi?id=1323302

** Bug watch added: Mozilla Bugzilla #1323302
   https://bugzilla.mozilla.org/show_bug.cgi?id=1323302

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1174007

Title:
  release upgrader launches  browser as root

Status in ubuntu-release-upgrader package in Ubuntu:
  Confirmed

Bug description:
  1. I launch Software Updater, then choose "Upgrade..." to initiate the 13.04 upgrade
  2. I am asked fot password
  3. A window with release notes pops up

  PROBLEM:
  4. I click the URL to view release notes
  5. A pop-up window complains "Chromium cannot be run as root." (despite Firefox being my default browser)
  6. Firefox is launched as root

  EXPECTED:
  Software Center should honour my default browser and definitely not run it as root.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: software-center 5.4.1.4
  Uname: Linux 3.9.0-030900rc8-generic x86_64
  ApportVersion: 2.6.1-0ubuntu10
  Architecture: amd64
  Date: Sun Apr 28 18:06:34 2013
  InstallationDate: Installed on 2012-11-02 (176 days ago)
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: software-center
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1174007/+subscriptions

More information about the foundations-bugs mailing list