Dmitry Smirnov:
> On Sunday, 26 April 2020 9:25:06 AM AEST Ximin Luo wrote:
>> The source code doesn't mention any particular reason, and one person on
>> the upstream bug report mentions it in such an off-the-cuff and
>> non-explanatory way I can't take it into account as a serious data point.
>> We shouldn't just let a mere mention of "security" scare us into not
>> touching stuff and using our own reasoning to fix bugs.
>>
>> And I *did* think about the possible security considerations, as I
>> explained in my previous email, and derived my suggested patch based on
>> these considerations. (FWIW, I have done and am doing various types of
>> security work professionally, and I'm confident about this type of
>> reasoning in general.)
>
> Did you consider the possibility of users having a mix of packaged and
> non-packaged extensions? I think it is reasonable to contain/sandbox extensions
> to prevent peeking to various file system locations through symlinks.
>
> Once Firefox is patched to allow symlinks, the threat might be from malicious
> symlinks in non-packaged extensions.
>

Yes, I covered this already. My suggested patch (B) would only traverse symlinks when the extension being loaded (the symlink being resolved) is itself underneath /usr/share/webext, other extensions would still not be allowed to traverse symlinks.

Please do read through my first email in full.

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git
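
The rule described in the message above, as an added Python sketch that is neither the patch from this thread nor Firefox code: a symlink is followed only when the link itself lives under /usr/share/webext. The names `is_under`, `resolve_extension_path` and `demo` are hypothetical, and the directory tree in `demo` is constructed for illustration.

```python
import os
import tempfile

TRUSTED_ROOT = "/usr/share/webext"  # packaged-extension root named in the thread


def is_under(path, root):
    """True if path lies lexically inside root ('..' collapsed, symlinks not resolved)."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    # Whole-component comparison: /usr/share/webext-evil is not a child of the root.
    return path != root and os.path.commonpath([path, root]) == root


def resolve_extension_path(path, trusted_root=TRUSTED_ROOT):
    """Hypothetical helper: return the path to open, or None if refused.

    A symlink is followed only when the link itself sits under trusted_root;
    the decision depends on where the link lives, not where it points.
    """
    if not os.path.islink(path):
        return os.path.abspath(path)
    if not is_under(path, trusted_root):
        return None  # symlink inside a non-packaged extension: not traversed
    return os.path.realpath(path)


def demo():
    """Apply the policy to a constructed tree (stand-in for the real paths)."""
    with tempfile.TemporaryDirectory() as tmp:
        dirs = {
            "packaged": os.path.join(tmp, "webext"),        # plays /usr/share/webext
            "lookalike": os.path.join(tmp, "webext-evil"),  # shares only a string prefix
            "profile": os.path.join(tmp, "profile-ext"),    # non-packaged extension
        }
        target = os.path.join(tmp, "lib.js")
        open(target, "w").close()
        results = {}
        for name, d in dirs.items():
            os.makedirs(d)
            os.symlink(target, os.path.join(d, "lib.js"))
            results[name] = resolve_extension_path(os.path.join(d, "lib.js"), dirs["packaged"])
        # A path that starts under the root but climbs out with '..'
        sneaky = os.path.join(dirs["packaged"], "..", "profile-ext", "lib.js")
        results["dotdot"] = resolve_extension_path(sneaky, dirs["packaged"])
        return results, os.path.realpath(target)


if __name__ == "__main__":
    print(demo())
```

The check is purely lexical on the link's own location, so a prefix match on the string alone or a `..` escape does not count as being under the trusted root.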