Цей вебсайт матиме обмежену функціональність, доки ми проводимо його обслуговування для поліпшення роботи. Якщо прочитана стаття не розв'язала вашу проблему і ви хочете поставити питання, наша спільнота підтримки з радістю допоможе вам на @FirefoxSupport у Twitter та /r/firefox на Reddit.

Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

isn't firefox's remote execution capability on linux a security violation?

  • 1 відповідь
  • 1 має цю проблему
  • 1 перегляд
  • Остання відповідь від John99

more options

If I run firefox remotely on a different machine over a secure connection without using the --no-remote option, it starts locally instead.

Also, if I have a secure connection to a remote machine where firefox is running (without --no-remote), and I start firefox locally, the remote instance paints a window on the screen.

How does that work? Are only X facilities used? Which ones? Also, can someone point me to the files in the source version that implement this functionality, and whether there is a compile-time variable to disable it? A related question - if I build my own version according to the mozilla directions, can I expect it to be as fast as the pre-compiled version?


In the first case, take this example:

  $ ssh -fX remote xterm -ls
  $ firefox &

When I start firefox remotely in this configuration, I expect that it asks X to open a window and X sees that the graphic server is remote and paints a window there. Without firefox knowing about it.

I consider it a trojan horse that firefox should look around to determine what my configuration is. This is exactly what I don't want applications to do.

At the very least - i.e. without running a general inventory - it seems that firefox needs to ask if the graphics server is remote or not, and if so, it has to attempt to start an arbitrary executable (but hopefully only firefox) on the server machine.

That that kind of activism doesn't seem like infringement to others is amazing to me.

If I run firefox remotely on a different machine over a secure connection without using the --no-remote option, it starts locally instead. Also, if I have a secure connection to a remote machine where firefox is running (without --no-remote), and I start firefox locally, the remote instance paints a window on the screen. How does that work? Are only X facilities used? Which ones? Also, can someone point me to the files in the source version that implement this functionality, and whether there is a compile-time variable to disable it? A related question - if I build my own version according to the mozilla directions, can I expect it to be as fast as the pre-compiled version? In the first case, take this example: $ ssh -fX remote xterm -ls $ firefox & When I start firefox remotely in this configuration, I expect that it asks X to open a window and X sees that the graphic server is remote and paints a window there. Without firefox knowing about it. I consider it a trojan horse that firefox should look around to determine what my configuration is. This is exactly what I don't want applications to do. At the very least - i.e. without running a general inventory - it seems that firefox needs to ask if the graphics server is remote or not, and if so, it has to attempt to start an arbitrary executable (but hopefully only firefox) on the server machine. That that kind of activism doesn't seem like infringement to others is amazing to me.

Усі відповіді (1)

more options

It does not look as if anyone on this forum is going to answer. Developers are unlikely to see a post on this forum.

I suggest you either try to find a more suitable forum

where developers may find the post, or even consider filing a bug for this.