Bug 394984: Elevated updates on OSX: Difference between revisions

Bug 394984: Elevated updates on OSX (view source)

1,016 bytes added , 1 September 2015

Added FAQ section

Confirmed users

15

edits

@@ Line 12: / Line 12: @@
 If the user was unable to enter admin credentials, or if the new ownership/permissions couldn't be set successfully, the update will fail and we will increment a counter in the user's profile. Once a threshold is hit, we will no longer attempt to stage an update and will direct the user to our website for a manual install (existing workflow).
+=== FAQ ===
+====== '''What's the risk of these additional permissions and/or the new group ownership if Firefox gets owned?''' ======
+The new proposal calls for setting the group ownership of Firefox to "wheel" and adding "write" permission for this group. Due to the fact that:
+# only an administrator can grant these additional permissions
+# the additional permissions are restricted to administrators
+# any administrator could already set these additional permissions manually
+# most apps installed via a .pkg installer (instead of a .dmg like Firefox) already set these same permissions on their apps
+# most users "own" Firefox.app because they installed it, so they already have rwx permissions
+there shouldn't be any additional risk in the case that Firefox gets owned.
+====== '''What happens when Firefox is updated?''' ======
+The ownership/permissions for new or changed files should be inherited from the main Firefox.app bundle, i.e. <username>:wheel and rwxrwxr-x (for executable files) or rw-rw-r--.