[clue-tech] How to hide plugins from your browser
Jed S. Baer
cluemail-jsb at freedomsight.net
Thu Sep 20 20:57:21 MDT 2007
On Wed, 19 Sep 2007 20:29:25 -0600
Jed S. Baer wrote:
> So now, unless I misunderstand something, Firefox will run as group
> flashuser, thus being able to access the flashplayer files. Galeon
> won't.
>
> jbaer at robinson:/usr/lib/firefox$ ls -l firefox
> -rwxr-sr-x 1 root flashuser 8625 2007-07-31 07:52 firefox
>
> jbaer at robinson:/usr/lib/firefox/plugins$ ls -l
> total 6904
> -rwxr----- 1 root flashuser 856 2007-09-19 20:01 flashplayer.xpt
> -rwxr-x--- 1 root flashuser 7040036 2007-09-19 20:01 libflashplayer.so
>
> (previously, perms on flashplayer.xpt were -r--r--r--)
>
> When I run Firefox, and navigate to a page with flash:
> LoadPlugin: failed to initialize shared
> library /usr/lib/firefox/plugins/libflashplayer.so
> [/usr/lib/firefox/plugins/libflashplayer.so: cannot open shared object
> file: Permission denied]
>
> So, what am I missing?
The small, but important fact that /usr/lib/firefox/firefox is a shell
script, and Linux ignores setgid on scripts.
So ... do the same thing to the actual
executable, /usr/lib/firefox/firefox-bin, and voila! NOT.
For some reason, when running with an effective GID of flashuser,
firefox-bin can't find libmozjs.so. Perms on that file are 644, so it
should make no difference what the effective gid is.
I might have to break down and actually read the firefox script, to see
if/how it's messing about with LD_LIBRARY_PATH.
jed
More information about the clue-tech
mailing list