suid mystery
Dean S. Messing
deanm at sharplabs.com
Sat Dec 10 01:36:58 UTC 2011
I have a little suid mystery that perhaps someone would
kindly help me solve. I just discovered that the files and
symlinks in
/usr/lib64/mozilla/plugins-wrapped
get their "Modify time" updated each time I start firefox
as me (not root). I just re-started firefox (at 17:19)
and here is 'ls -l' of one of the files in the above dir:
-rwxr-xr-x 1 root avdt 140440 Dec 9 17:19 nswrapper_64_64.libflashplayer.so*
Now, I'm in group "avdt" so it is clearly "me" that
updated (or first created) this file. Yet the above
directory has these perms and ownership:
drwxr-xr-x 2 root root
Since neither the directory, nor the files have
group write permission, it seems that firefox must be suid
root in order to modify these files (if I understand
correctly). But neither the shell script
"/usr/bin/firefox", nor the executable that (I think) it
calls "/usr/lib64/firefox/firefox" has the SUID bit (nor
the SGID bit) set in its perms.
So how can it update these files? I did not think that firefox could
touch any of my "system" stuff.
I'm running F15 and firefox-8.0-3.fc15.x86_64, if that
makes any difference.
Thanks for your help!
Dean
More information about the users
mailing list