Bug 178040 - Opens browser window as r00t
Summary: Opens browser window as r00t
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: firestarter
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Michael A. Peters
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-01-17 15:41 UTC by Michael A. Peters
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-01-30 22:31:50 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Removes launching of browser from help menu (1.80 KB, patch)
2006-01-17 16:13 UTC, Michael A. Peters
no flags Details | Diff

Description Michael A. Peters 2006-01-17 15:41:24 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060103 Fedora/1.5-4 Firefox/1.5

Description of problem:
When firestarter is running, it is running as root via consolehelper.
In the Help menu is a selection for online users manual.
If selected, it opens a browser window as the root user to an external website.

In the event that there is a browser exploit and the external website is hacked, this could result in a compromise.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. launch firestarter
2. Go to help menu
3. Choose Online Users' Manual
  

Actual Results:  Opens an external website as the root user

Expected Results:  Launched web documentation for applications that run as root should be on the local machine.

Additional info:

Comment 1 Michael A. Peters 2006-01-17 15:46:15 UTC
It would actually be better to not have it open a browser window at all.

Comment 2 Michael A. Peters 2006-01-17 16:13:16 UTC
Created attachment 123303 [details]
Removes launching of browser from help menu


Note You need to log in before you can comment on or make changes to this bug.