[Bug 468050] Re: Clicking homepage link in UNetbootin opens page in Firefox as root

kpk187 kpk187 at gmail.com
Thu Dec 10 22:17:58 UTC 2009 

** Description changed:

  Binary package hint: unetbootin
  
- This affects Ubuntu 9.10
- The installed package version is "356-1"
+ I am running Ubuntu 9.10 i386
+ The installed package version of unetbootin is "356-1"
+ The installed package version of unetbootin-translations is "356-1"
  
- Using the Ubuntu Software Center I installed UNetbootin. After the
- installation was done, I started UNetbootin from under System Tools in
- the Applications menu. The administration dialog asking for my user
- password appeared, I entered my password and UNetbootin started.
  
- When I chose FreeBSD from the Distribution drop-down box and clicked the
- homepage link, I expected Firefox to open that website under my user
- account (which has all of my bookmarks and configuration). What happened
- instead was Firefox opened that web page like it was first started on a
- new user account. I thought Firefox might have started as root, so I
- bookmarked the FreeBSD homepage (which I had not bookmarked before) then
- closed Firefox and UNetbootin. I then started Firefox from the the
- Applications menu and had all of my configuration back but did not have
- the FreeBSD page in my bookmarks. I closed Firefox then opened a
- terminal window and entered "gksudo firefox" which I think should start
- Firefox as the root user. The administration dialog did not appear this
- time (maybe because I entered my password before), Firefox started like
- it did from UNetbootin, and the FreeBSD bookmark was there.
+ In unetbootin, if I click any of the webpage links, Firefox is launched with root privileges. Running a web browser as the root user can be a security risk.
  
- There is also a .mozilla directory in the /root folder, so I suspect
- that UNetbootin is starting Firefox as the root account, which I'm told
- is a security risk. I have also never started Firefox as root before
- today. Even if this is not a security risk, it is still a minor
- annoyance not having my bookmarks, add-ons, and configuration when I
- open links from UNetbootin.
+ To reproduce this bug:
  
- This bug should be reproducible on fresh install of Ubuntu 9.10 with all
- updates installed before November 1st.
+ (Assuming Firefox is set as your default web browser)
+ 
+ 1. Launch unetbootin then click any of the webpage links. (this should
+ start Firefox)
+ 
+ 2. In the Gnome System Monitor, switch to the process tab and select All
+ Processes from the View menu.
+ 
+ 3. Go to Edit > Preferences and under Information Fields check the
+ "User" box.
+ 
+ 4. In the list of running processes you should see an instance of
+ Firefox with the user column saying root.

** Summary changed:

- Clicking homepage link in UNetbootin opens page in Firefox as root
+ Clicking webpage links in UNetbootin starts Firefox with root privileges

-- 
Clicking webpage links in UNetbootin starts Firefox with root privileges
https://bugs.launchpad.net/bugs/468050
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list