Bug 52123 - missing user id check in startup script
Summary: missing user id check in startup script
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Public Beta
Classification: Retired
Component: mozilla   
(Show other bugs)
Version: roswell
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Christopher Blizzard
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-08-20 19:20 UTC by Need Real Name
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-30 20:19:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2001-08-20 19:20:45 UTC
Description of Problem:

The startup script does not check the user id when you start a second
mozilla browser on the same machine.

Version-Release number of selected component (if applicable):

0.9.3-x

How Reproducible:

Start mozilla as user1 and when it is running start mozilla as user2.

Actual Results:

When user2 is root: New window of the users mozilla with all preferences
and the ability to read email etc.
When user2 is not root: Error sending command.

Expected Results:

A new mozilla which belongs to user2.

Additional Information:

Comment 1 Need Real Name 2001-08-20 19:37:41 UTC
All mozilla 0.9 versions are affected.

Comment 2 Glen Foster 2001-08-21 20:28:38 UTC
We (Red Hat) should try to fix this before next release.

Comment 3 Alexander Larsson 2001-08-29 18:59:06 UTC
I took a look at this, and it is sort of hard to fix. It requires some changes
to the ns/moz remote invocation protocol.

If i were to do this i would tag each moz/ns window with a uid, and then have
mozilla -remote only look for mozilla windows that matched getuid().

I think doing that at this stage would be bad though, but it should be fixed in
the future.


Comment 4 Bill Nottingham 2001-08-30 02:28:35 UTC
As it stands, this is not a security bug; it requires access to the X display
anyway.

Comment 5 Christopher Blizzard 2001-08-30 20:19:48 UTC
Yeah, this in non-trivial to fix.  It's not going to make the next release for sure.

Comment 6 Christopher Blizzard 2002-01-25 20:39:56 UTC
Fixed in rawhide.


Note You need to log in before you can comment on or make changes to this bug.