Summary: | On Firefox 10.0.5 you can get access mostly to any file content in /etc | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Emil <ecataranciuc> |
Component: | [OLD] Core system | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
Status: | RESOLVED INVALID | ||
Severity: | critical | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Emil
2012-07-30 11:37:44 UTC
The access of local files via file:// is intentional and not a bug. If you want this changed, contact upstream (but I doubt that they will). (In reply to comment #1) > The access of local files via file:// is intentional and not a bug. > > If you want this changed, contact upstream (but I doubt that they will). I understand that it is intentional. But it is wrong to provide access to system wide configuration files to users. As a user I am unable to see content of a lot of configuration files in /etc through bash then why would that be possible through Firefox? Isn't this a security threat? (In reply to comment #2) > (In reply to comment #1) > > The access of local files via file:// is intentional and not a bug. > > > > If you want this changed, contact upstream (but I doubt that they will). > > I understand that it is intentional. But it is wrong to provide access to > system wide configuration files to users. As a user I am unable to see > content of a lot of configuration files in /etc through bash then why would > that be possible through Firefox? Isn't this a security threat? You can read exactly the same files you can as through bash. |