isn't firefox's remote execution capability on linux a security violation?

isn't firefox's remote execution capability on linux a security violation?

Charles Smith-6
If I run firefox remotely on a different machine over a secure connection without using the --no-remote option, it starts locally instead.

Also, if I have a secure connection to a remote machine where firefox is running (without --no-remote), and I start firefox locally, the remote instance paints a window on the screen.

How does that work? Are only X facilities used? Which ones? Also, can someone point me to the files in the source version that implement this functionality, and whether there is a compile-time variable to disable it? A related question - if I build my own version according to the mozilla directions, can I expect it to be as fast as the pre-compiled version?


In the first case, take this example:

  $ ssh -fX remote xterm -ls
  $ firefox &

When I start firefox remotely in this configuration, I expect that it asks X to open a window and X sees that the graphic server is remote and paints a window there. Without firefox knowing about it.

I consider it a trojan horse that firefox should look around to determine what my configuration is. This is exactly what I don't want applications to do.

At the very least - i.e. without running a general inventory - it seems that firefox needs to ask if the graphics server is remote or not, and if so, it has to attempt to start an arbitrary executable (but hopefully only firefox) on the server machine.

That that kind of activism doesn't seem like infringement to others is amazing to me.

_______________________________________________
dev-tech-network mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-network

Re: isn't firefox's remote execution capability on linux a security violation?

Boris Zbarsky

On 10/6/12 12:29 PM, Charles Smith wrote:
> How does that work? Are only X facilities used? Which ones? Also,
> can someone point me to the files in the source version that
> implement this functionality, and whether there is a compile-time
> variable to disable it?

Some combination of:

http://mxr.mozilla.org/mozilla-central/source/widget/xremoteclient/XRemoteClient.cpp
http://mxr.mozilla.org/mozilla-central/source/toolkit/components/remote/nsXRemoteService.cpp
http://mxr.mozilla.org/mozilla-central/source/widget/xremoteclient/mozilla-xremote-client.cpp

There is no configure option for this, but you may be able to edit
configure.in to make xremote not build.  Right now that choice is made
based on target widget toolkit.

> A related question - if I build my own version according to the
> mozilla directions, can I expect it to be as fast as the pre-compiled
> version?

Yes, if you actually use the same build environment.

> When I start firefox remotely in this configuration, I expect that it
> asks X to open a window and X sees that the graphic server is remote
> and paints a window there. Without firefox knowing about it.

Yes.

> I consider it a trojan horse that firefox should look around to
> determine what my configuration is. This is exactly what I don't
> want applications to do.

Firefox just asks X for existing running Firefox windows and sends X
messages to them.  It doesn't do any "determine what my configuration
is".  In fact, there are bug reports asking for it to do just that and
NOT do xremote across processes running on different machines...

> At the very least - i.e. without running a general inventory - it
> seems that firefox needs to ask if the graphics server is remote or
> not, and if so, it has to attempt to start an arbitrary executable
> (but hopefully only firefox) on the server machine.

I'm not sure what you're talking about here, honestly.  Is this your
guess as to what Firefox is doing (if so, it's an incorrect guess) or a
suggestion for what it _should_ do?

-Boris


Re: isn't firefox's remote execution capability on linux a security violation?

Christian Biesinger-2
In reply to this post by Charles Smith-6
On Sat, Oct 6, 2012 at 9:29 AM, Charles Smith <[hidden email]> wrote:
> If I run firefox remotely on a different machine over a secure connection without using the --no-remote option, it starts locally instead.

That is incorrect. xremote only has an effect if Firefox is already
running on that X server.

Also, this isn't really the right place for the question... not sure
which one is, maybe dev.tech.platform

-christian
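The hand-off discussed in this thread depends on which X server a new Firefox process connects to, so a launcher can inspect `DISPLAY` before starting it and pass `--no-remote` when that X server is not local to the process. The following is an added example, not part of the original messages or of Mozilla's code; it assumes an sshd-style forwarded display (such as `localhost:10.0` with `SSH_CONNECTION` set), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether Firefox should be started with --no-remote,
# based on where the X server named by DISPLAY lives. Function names are
# hypothetical; only the --no-remote flag comes from the thread.

# classify_display DISPLAY SSH_CONNECTION
# Prints one of: none, local, ssh-forwarded, remote
classify_display() {
    cd_display=$1
    cd_ssh=$2
    [ -n "$cd_display" ] || { echo none; return 0; }
    # Host part is everything before the last ':' (empty for ":0").
    cd_host=${cd_display%:*}
    case $cd_host in
        ''|unix)
            echo local ;;
        localhost|127.0.0.1|'[::1]')
            # Assumption: sshd X11 forwarding sets DISPLAY to a loopback
            # proxy and also exports SSH_CONNECTION in the session.
            if [ -n "$cd_ssh" ]; then echo ssh-forwarded; else echo local; fi ;;
        *)
            echo remote ;;
    esac
}

# needs_no_remote: succeeds when the X server is on another machine, where a
# Firefox window belonging to that machine may already exist.
needs_no_remote() {
    case $(classify_display "${DISPLAY-}" "${SSH_CONNECTION-}") in
        ssh-forwarded|remote) return 0 ;;
        *) return 1 ;;
    esac
}

# launch_firefox [args...]: start Firefox, adding --no-remote when the
# display is not local so the new process does not hand off its arguments.
launch_firefox() {
    if needs_no_remote; then
        exec firefox --no-remote "$@"
    fi
    exec firefox "$@"
}

# Report the classification for the current session when run directly.
echo "DISPLAY='${DISPLAY-}' classified as: $(classify_display "${DISPLAY-}" "${SSH_CONNECTION-}")"
```

Source the file and call `launch_firefox` in place of `firefox` inside SSH sessions that use X forwarding.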