I'm running min browser for awhile now as my defaultbrowser in Slacko64 7.0. I really like it for its' simplicity.
Today i stumbled upon a possible security issue with min browser.
min browser, current version Min v1.24.0 Chromium v96.0.4664.174, runs as spot, so i expect it is not allowed to save things to /root or even interact with applications running as root.
What happend to me is, i selected some code and accidentially moved it a bit. I didn't expect it to appear in geany, which was running as root, immediately, but it did!
- Screenshot.gif (331.02 KiB) Viewed 425 times
Some more testing shows, it is not possible to download things to /root via save dialog, but by drag 'n drop to an open root window.
- min_dnd.jpg (81.65 KiB) Viewed 425 times
Randomly images get downloaded to the first open rox filer window when dragging without dropping them to another window...
Its' permission is
Code: Select all
# ls -l approximate-location.jpg
-rw-r--r-- 1 root root 74093 Jun 6 18:50 approximate-location.jpg
# Also some sites get downloaded to /root with wget when dragging the link.
I recall to have read a warning about a similar situation here on the forum, but i can't find it...
That's what i call scary 