MEPIS Community Forum

A Linux operating system based on Debian Stable
View unanswered posts | View unsolved topics | View active topics |



Reply to topic  [ 5 posts ] 
Where to Install Firefox from a Security Standpoint? 
Author Message
MEPIS Enthusiast
MEPIS Enthusiast
User avatar

Joined: Mon Feb 12, 2007 1:45 pm
Posts: 5568
Location: Penn's Woods
Has thanked: 767 times
Have thanks: 620 times
Post # 279821
Post Where to Install Firefox from a Security Standpoint?
There seem to be two schools of thought regarding where to install the Firefox .tar.bz2 files on a Linux system. MEPIS recommends installing Fiirefox in the /opt folder, whereas some Mozilla "How Tos" instruct the user to install it in /home/username.

I understand that installing Firefox in /opt allows all users on the same computer to run Firefox from their own accounts, while not allowing non-administrative users to change the Firefox settings. In my case, I only have one user account on my computer and physical access to the machine is limited to very few family members whom I trust. (I have blocked certain classes of web sites through Open DNS filters just as a precaution). Thus, I find installing Firefox in /home/username to be quite convenient and straightforward, although I still have some nagging doubts about the security of this arrangement.

Question #1: From the standpoint of Internet security alone, would it matter one way or another whether Firefox is installed in /opt or /home/username? In other words, would the likelihood and/or consequences of a cyber attack be any different either way?

Question #2: With Firefox installed in /opt, would each of the users accounts have its own ~/.mozilla/firefox directory where changes to the local Firefox settings could me made without having administrator privileges? For example, could each user install his or her own Firefox add-ons and extensions?

_________________
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver


Sat Jul 23, 2011 11:52 am
Profile
MEPIS Guide
MEPIS Guide
User avatar

Joined: Mon Jun 30, 2008 8:06 pm
Posts: 2952
Has thanked: 52 times
Have thanks: 376 times
Post # 279822
Post Re: Where to Install Firefox from a Security Standpoint?
where is really irrelevant. what matters is the permissions assigned to the files and the install program will set them accordingly.

each user has their own .mozilla directory off their home directory and each user is capable of installing their own extensions, have their own profile, etc.

there's no benefit to telling it to install in a different location. in fact, you may find that some programs that rely on FF may have difficulties locating it.


Sat Jul 23, 2011 12:12 pm
Profile
MEPIS Guide
MEPIS Guide
User avatar

Joined: Sat May 16, 2009 3:59 pm
Posts: 2896
Has thanked: 414 times
Have thanks: 444 times
Post # 279832
Post Re: Where to Install Firefox from a Security Standpoint?
joany wrote:
I understand that installing Firefox in /opt allows all users on the same computer to run Firefox from their own accounts, while not allowing non-administrative users to change the Firefox settings.

Any "settings," i.e. extensions, preferences, or other tweakable items must be in a user-writable location, which is /username/.mozilla. All users will have their own .mozilla folder.

The /opt folder is not user-writable. Therefore, the binaries, executables, .so files, or scripts that make up Firefox can be modified only by root. This is a good thing.

Quote:
In my case, I only have one user account on my computer and physical access to the machine is limited to very few family members whom I trust. (I have blocked certain classes of web sites through Open DNS filters just as a precaution). Thus, I find installing Firefox in /home/username to be quite convenient and straightforward, although I still have some nagging doubts about the security of this arrangement.

Running the Firefox binaries in /home/username works beautifully too, except.... Now the core binaries are writable by any user, and can be modified, trashed, or even deleted (think malware).

Quote:
Question #1: From the standpoint of Internet security alone, would it matter one way or another whether Firefox is installed in /opt or /home/username? In other words, would the likelihood and/or consequences of a cyber attack be any different either way?

Absolutely. Imagine that malware targeting Firefox gets onto your system while you're surfing, a scenario not outside reality. Running with your /username privileges, it is free to do whatever it wants with your /home/username/firefox folder. It could not change anything in /opt/firefox however, because that is a root folder.

Quote:
Question #2: With Firefox installed in /opt, would each of the users accounts have its own ~/.mozilla/firefox directory where changes to the local Firefox settings could me made without having administrator privileges? For example, could each user install his or her own Firefox add-ons and extensions?

Yes, exactly.

Even root gets its own .mozilla folder. If you've ever run Firefox as root, you will find a /root/.mozilla folder on your drive. It will have no extensions, themes, or other preferences set until or unless you set them (as root).

The object of the game is to not be taken by surprise, as Redmond is continuously, because of carelessness, complacency, or a false sense of security. This is the reason that all executables in Linux are in root folders, making mischief far more difficult.

This might be gratuitous, but just for completeness, here's how I do it:

  • Start Dolphin as root.
  • Copy the FF tarball to /opt.
  • Right-click it and "Extract to Here..."
  • Delete the tarball.
  • Exit Dolphin.
  • Modify the Kmenu entry with the complete path, /opt/firefox/firefox. Update the location of the icon. Delete and then re-create my Panel icon.
  • Start System Settings --> Default Applications. Set the complete path to FF, /opt/firefox/firefox.

That's it. The only difference now is that you must start Firefox as root in order to update it.

_________________
Gigabyte 990FXA-UD3, AMD FX-6100 hex-core, 3.3GHz, Radeon HD6570
Gigabyte A55M-DS2, AMD A4-3400 dual-core APU (llano), 2.7 GHz, Radeon HD graphics
IBM ThinkPad T43, Intel Pentium M, 1.73GHz, Intel chipset


Sat Jul 23, 2011 2:22 pm

DBeckett thanked by: carlnyc, joany
Profile
MEPIS Enthusiast
MEPIS Enthusiast
User avatar

Joined: Mon Feb 12, 2007 1:45 pm
Posts: 5568
Location: Penn's Woods
Has thanked: 767 times
Have thanks: 620 times
Post # 279840
Post Re: Where to Install Firefox from a Security Standpoint?
@ DBeckett

Thanks for the good advice. You've made a convert out of me. Firefox now resides in /opt instead of /home/username.

As an added level of security, I installed a Firefox add-on named Public Fox, which forces the use of a password to make any modifications to FF Preferences, about:config settings, bookmarks, etc. It's a good thing to have when there are kids in the house. :wink:

_________________
MX-14; 3.12-0.bpo.1-686-pae kernel using 4GB RAM
2.4GHz AMD Athlon 4600+
NVidia GeForce 6150 LE; 304.121 Display Driver


Sat Jul 23, 2011 7:55 pm
Profile
MEPIS Guide
MEPIS Guide
User avatar

Joined: Sat May 16, 2009 3:59 pm
Posts: 2896
Has thanked: 414 times
Have thanks: 444 times
Post # 279853
Post Re: Where to Install Firefox from a Security Standpoint?
.
Public Fox is one I've never heard of, but it seems to fit the bill for someone with little people around.

_________________
Gigabyte 990FXA-UD3, AMD FX-6100 hex-core, 3.3GHz, Radeon HD6570
Gigabyte A55M-DS2, AMD A4-3400 dual-core APU (llano), 2.7 GHz, Radeon HD graphics
IBM ThinkPad T43, Intel Pentium M, 1.73GHz, Intel chipset


Sun Jul 24, 2011 12:31 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 5 posts ] 

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.