Bug 445111 - Firefox leaks file descriptors to external applications
Firefox leaks file descriptors to external applications
Status: ASSIGNED
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: firefox (Show other bugs)
5.3
All Linux
low Severity high
: ---
: ---
Assigned To: Denise Dumas
desktop-bugs@redhat.com
: Reopened, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-03 17:32 EDT by Juliano F. Ravasi
Modified: 2014-01-29 06:23 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-25 20:14:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test script for reproduction (50 bytes, text/plain)
2009-07-23 14:52 EDT, Matěj Cepl
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 147659 None None None Never
Mozilla Foundation 372734 None None None Never

  None (edit)
Description Juliano F. Ravasi 2008-05-03 17:32:46 EDT
Description of problem:
Both Firefox and Thunderbird (probably SeaMonkey too) are leaking file
descriptors to external applications that they execute.

Version-Release number of selected component (if applicable):
firefox-2.0.0.14-1.fc7
firefox-2.0.0.14-1.fc8
firefox-3.0-0.60.beta5.fc9.x86_64
thunderbird-2.0.0.12-1.fc7
thunderbird-2.0.0.14-1.fc9.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Install zenity if not installed (used to demonstrate the bug).
2. Create an executable ~/firefox-test.sh script, containing:

    #!/bin/sh
    ls -l /proc/$$/fd | zenity --text-info

3. Start firefox.
4. Access menu Edit->Preferences, go to Applications tab.
5. Set the ~/firefox-test.sh script as the handler for "mailto" content type.
6. Type "mailto:example@example.com" in the address bar and press Enter.
  
Actual results:
The test script shows that it has all firefox file descriptors in its descriptor
table.

Expected results:
The external application should be executed in a clean environment, without any
access to Firefox file descriptors.

Additional info:
It is difficult to exploit this vulnerability, but since it is descriptor
leakage, it should be considered critical.

The worst scenario I can see is some external application invoked by the browser
(ex: IRC client) having my password database, e-mails, browser history and other
sensitive data in its descriptor table. Firefox inherits the vulnerabilities of
all its invoked external applications. Perhaps, this could also be used to
insert a sort of client-side man-in-the-middle attack, by making a child process
steal Firefox descriptors.
Comment 1 Josh Bressers 2008-05-13 14:05:07 EDT
I'm removing the Security keyword.  This is a bug, but it's not really a
security issue.

This is a problem I agree, but it's really more of a correctness issue than
anything else.  The upstream bug explains it better than I can:
https://bugzilla.mozilla.org/show_bug.cgi?id=147659#c9
Comment 2 Bug Zapper 2008-05-14 06:36:27 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 3 Matěj Cepl 2008-07-25 20:14:18 EDT
We have decided given that this bug has been registered in the upstream database
(https://bugzilla.mozilla.org/show_bug.cgi?id=147659) and because we believe
that it is more appropriate to let it be resolved upstream, to close this bug as
UPSTREAM.

Red Hat will continue to track the issue in the centralized upstream bug
tracker, and will review any bug fixes that become available for consideration
in future updates.

Thank you for the bug report.
Comment 4 Mike A. Harris 2009-07-23 03:30:23 EDT
Just a note...  The upstream bug was filed in 2002, presumably against Mozilla, so this is a very very long term bug that causes all sorts of problems for many people, including most annoyingly blocking the audio device requiring the user to manually go killing processes such as xpdf, acrobat, and other plugins and application helpers, etc.

This is an extreme inconvenience to Red Hat Enterprise Linux customers, Fedora users, etc. and as Linux becomes more attractive on the desktop, bugs like this stand in the way of making the desktop more usable for them IMHO.

I agree that it is good to track the upstream issue, but I think this should be re-evaluated by Red Hat for RHEL6 / Fedora for F12 as a desktop usability bugfix candidate.  Upstream probably will not commit a Linux-only fix for the problem, but Fedora/RHEL could potentially include such a workaround until a more portable solution is created for upstream by someone.

Could we reopen this to keep this on the radar as a potential Fedora 12/RHEL6 candidate bug to fix, and put it on a tracker bug for investigation?  If it doesn't make the cut, perhaps we can try again for F13 or later timeframe.

Do any of the mozilla contributors @ Red Hat have any comments/suggestions (other than what's in the upstream bug) as to what approach might work best or at least be considered for RHEL/Fedora?  I don't mind having a look into this myself, but would appreciate some guidance if someone more familiar with the source could comment.

Thanks guys.
Comment 5 Matěj Cepl 2009-07-23 12:27:46 EDT
For Chris to investigate further.
Comment 6 Matěj Cepl 2009-07-23 12:38:09 EDT
OK, and I can fully reproduce with
firefox-3.5.1-1.fc11.x86_64
xulrunner-1.9.1.1-1.fc11.x86_64
Comment 7 Matěj Cepl 2009-07-23 14:52:03 EDT
Yes, can reproduce with firefox-3.0.11-2.el5_3 and firefox-3.0.11-2.el5_3 on RHEL 5.
Comment 8 Matěj Cepl 2009-07-23 14:52:54 EDT
Created attachment 354906 [details]
test script for reproduction
Comment 9 Mike A. Harris 2010-03-30 17:05:32 EDT
Just as a datapoint, this problem is reproduceable in firefox 3.0, 3.5, 3.6 codebases still.  (OS distribution, release, etc. doesn't make a difference due to the nature of the problem)
Comment 11 Mike A. Harris 2012-06-11 18:03:00 EDT
Just reviewing bugs I'm CC'd on and thought I'd give a small update here.  The upstream bug on this (linked to above), is still open so the problem is now 12 years old.  That's award worthy!  ;o)

Unable to easily confirm the problem on RHEL or Fedora at the moment, but I
presume it is still present since the upstream bug hasn't been resolved.  The
end of the world is in 6 months so it might not be worth fixing now.  ;oP

Note You need to log in before you can comment on or make changes to this bug.