Bug 52123 - missing user id check in startup script
missing user id check in startup script
Status: CLOSED RAWHIDE
Product: Red Hat Public Beta
Classification: Retired
Component: mozilla (Show other bugs)
roswell
All Linux
high Severity medium
: ---
: ---
Assigned To: Christopher Blizzard
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-20 15:20 EDT by Need Real Name
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-30 16:19:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-08-20 15:20:45 EDT
Description of Problem:

The startup script does not check the user id when you start a second
mozilla browser on the same machine.

Version-Release number of selected component (if applicable):

0.9.3-x

How Reproducible:

Start mozilla as user1 and when it is running start mozilla as user2.

Actual Results:

When user2 is root: New window of the users mozilla with all preferences
and the ability to read email etc.
When user2 is not root: Error sending command.

Expected Results:

A new mozilla which belongs to user2.

Additional Information:
Comment 1 Need Real Name 2001-08-20 15:37:41 EDT
All mozilla 0.9 versions are affected.
Comment 2 Glen Foster 2001-08-21 16:28:38 EDT
We (Red Hat) should try to fix this before next release.
Comment 3 Alexander Larsson 2001-08-29 14:59:06 EDT
I took a look at this, and it is sort of hard to fix. It requires some changes
to the ns/moz remote invocation protocol.

If i were to do this i would tag each moz/ns window with a uid, and then have
mozilla -remote only look for mozilla windows that matched getuid().

I think doing that at this stage would be bad though, but it should be fixed in
the future.
Comment 4 Bill Nottingham 2001-08-29 22:28:35 EDT
As it stands, this is not a security bug; it requires access to the X display
anyway.
Comment 5 Christopher Blizzard 2001-08-30 16:19:48 EDT
Yeah, this in non-trivial to fix.  It's not going to make the next release for sure.
Comment 6 Christopher Blizzard 2002-01-25 15:39:56 EST
Fixed in rawhide.

Note You need to log in before you can comment on or make changes to this bug.