MrOtherGuy/fx-autoconfig

Security question

Lepefe opened this issue · 6 comments

Lepefe commented

Hello there!

With regards to fx-autoconfig and its potential security risks, I would like to ask you: if I change the attributes of all files to READ-ONLY (including customized JS scripts, especially boot.sys.mjs, i.e. every single file related to fx-autoconfig), will this change make fx-autoconfig safe?

Do you have any other security recommendation to be applied easily?

Always thank you for your great fx-autoconfig, and for your great css repo!

I suppose that depends on what you would consider "safe". Moreover, changing all your files to read-only won't make much of a difference because boot.sys.mjs tries to load all files (with matching filename) from the scripts directory - so a malicious program could just drop a new file there. It would be more meaningful to make the scripts directory itself read-only.

But let's say you would do that as well, I would still be hesitant to call it "safe" because there's always a chance that I have messed up logic somewhere in the loader, or that something the loader or your custom script is doing would cause a security issue in some scenario.

I would say it's a tool, like a knife, and it's only as safe as whoever uses that knife. But yes, making all the files and folders read-only would certainly help against most simple attacks.

Lepefe commented

Totally understood. Thank you. Let me change my vocabulary:

Let's ignore that there is a chance that you have messed up logic somewhere in the loader, or that something in the loader might cause a security issue in some scenario. Let's ignore unknown syntax script mistakes. Let's suppose syntax script is reasonably safe. And also let's suppose my customized js syntax scripts are safe.

In this context, if I make READ-ONLY every single directory and file related to fx-autoconfig (inside both the profile and program folders), I repeat, directories and files, everything changed to READ-ONLY, am I increasing security? Am I minimizing security risks?

Supposing your fx-autoconfig has no dangerous syntax mistakes, also supposing my customized JS is safe, also supposing the fx-autoconfig profile and program directories and files are all READ-ONLY, and supposing fx-autoconfig can only load scripts from the JS folder (which is a READ-ONLY folder, containing READ-ONLY files), in this scenario, can malware or dangerous code abuse fx-autoconfig to hack my Firefox?

I'm trying to understand how to minimize risks, and the level of security improvement I might achieve by changing read-only attributes in directories and files.

If you also make the whole chrome folder read-only and ignore the possibility that a malicious entity could cause your whole profile folder to be replaced (*) then sure, setting all directories read-only would minimize risk.

(*) I mean a malicious program could, for example, edit your profiles.ini (which Firefox uses to select which profile to use, and I guess Firefox would be quite unhappy if you tried to make that read-only) and create a copy of your current profile folder but with a modified version of boot.sys.mjs - that should be doable without admin rights and be somewhat unnoticeable, I think.
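The two replies above make one concrete point: a read-only attribute on each existing script does nothing against a file that is dropped into the scripts directory later, and a modified copy of the profile is just as invisible to per-file attributes. The check below is an added example, not code from fx-autoconfig or its author. It records a SHA-256 manifest of a scripts folder, reports anything added, removed or changed since the manifest was taken, and lists which entries (the directory itself included) still carry write permission bits. The folder name `JS`, the `*.uc.js` file names and their contents are constructed sample data; the function names are my own.

```python
# Added example (not part of fx-autoconfig): a tamper check for the directory
# that the loader reads scripts from. It records a hash manifest of the folder,
# reports files added, removed or changed since, and lists which entries
# (including the directory itself) still have write permission bits set.
# The "JS" folder and the *.uc.js files below are constructed sample data.
import hashlib
import os
import stat
import tempfile
from pathlib import Path

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256 hex digest."""
    manifest: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_manifest(root: Path, expected: dict[str, str]) -> dict[str, list[str]]:
    """Compare the directory against a stored manifest.

    A name in 'added' is exactly the case the maintainer describes: the loader
    would pick that file up even if every pre-existing file is read-only.
    """
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(expected)),
        "missing": sorted(set(expected) - set(current)),
        "modified": sorted(
            name for name in current.keys() & expected.keys()
            if current[name] != expected[name]
        ),
    }


def writable_entries(root: Path) -> list[str]:
    """Return root and every entry below it whose mode still has a write bit.

    This inspects permission bits (Python maps the Windows read-only attribute
    onto them), not effective access, so the result does not change depending
    on whether the check itself runs with elevated rights.
    """
    found = []
    for path in [root, *sorted(root.rglob("*"))]:
        if path.stat().st_mode & WRITE_BITS:
            found.append(path.relative_to(root.parent).as_posix())
    return found


def demo() -> dict:
    """Run the check against a constructed scripts folder and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        scripts = Path(tmp) / "JS"
        scripts.mkdir()
        (scripts / "a.uc.js").write_text("// constructed sample script A\n")
        (scripts / "b.uc.js").write_text("// constructed sample script B\n")
        baseline = build_manifest(scripts)

        # Simulate the scenario from the thread: an extra file dropped into the
        # folder, one existing file edited, one removed.
        (scripts / "dropped.uc.js").write_text("// constructed: not in baseline\n")
        (scripts / "a.uc.js").write_text("// constructed: edited after baseline\n")
        (scripts / "b.uc.js").unlink()

        # One file made read-only while the directory itself stays writable,
        # which is the gap the per-file attribute leaves open.
        os.chmod(scripts / "a.uc.js", 0o444)

        return {
            "baseline_files": sorted(baseline),
            "diff": verify_manifest(scripts, baseline),
            "writable": writable_entries(scripts),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In real use the manifest would be written once, stored outside the profile (so a replaced profile folder cannot carry its own "clean" manifest along), and compared on demand; the same `build_manifest` call can be pointed at the program directory to cover `config.js` and `omni.ja`, and `profiles.ini` can be hashed the same way even though it must stay writable for Firefox.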

Lepefe commented

Great answers. Thank you.

I've been using your fx-autoconfig for a long time, very solid, I almost never had a problem.
I also have a stable customized css and js style, I don't have needs for changes. For the past 12 months I never had to touch my chrome folder.
So, yes, I'm always keeping my whole chrome folder (sub-folders and files inside it) as read-only.

In addition, I have a customized path for my Firefox (it's not placed on the O.S. disk, so it's not placed in default folders like "C:\Program Files" etc).
Also, the names of my Firefox folders are customized. Even the name of my profile folder is customized, and this customized folder is not placed in the default Firefox folder location (it's not even on the same disk as Firefox.exe).
I searched my entire device, and as far as I know, I don't even have a profile.ini file.
It's not impossible to find my Firefox, but it's not easy. For instance, third-party cleaner software can't find my Firefox.

In addition, I have security software that only allows known executables or scripts to be loaded. I suspect that a malicious program trying to create a new Firefox profile folder could be identified before doing that.
Also, as ransomware protection, my security software allows only files inside the Firefox folder to create or modify stuff inside Firefox folders. So, a malicious program will have a chance to infect my Firefox only if it's already placed inside my Firefox folder. Attempts to mess with my Firefox from places outside my Firefox folder will, I believe, be detected by myself or by my security software.

My Firefox can be found and infected by a malicious program, but it won't be easy.

I don't think fx-autoconfig is dangerous.
I totally agree with you, it's just a tool. And it's a great tool!
A simple addon, even one officially approved by Mozilla, can be dangerous. Any tool can be dangerous. But compared with most tools, fx-autoconfig is less dangerous, because it is a very specific tool. Dangerous tools normally target average users, average browsers, average conditions. That's not the case with fx-autoconfig.

There is no need to be paranoid with fx-autoconfig. Few security measures are more than enough.

Thank you

In addition, I have a customized path for my Firefox (it's not placed at O.S. disk, so it's not placed at default folders like "C:\Program Files" etc).

If this implies that the Firefox program directory is writable without admin rights then it doesn't matter in the slightest whether you have set any of the files in your profile directory to be read-only or not. If there was a malicious program it could just replace config.js wherever the firefox executable is, or more likely just replace firefox.exe itself or any of the program resources in omni.ja.

I mean, if the program directory is writable without admin rights then all bets are off whether you use fx-autoconfig or not and no restrictions you apply to files in profile folder are going to improve security at all.

Lepefe commented

As I explained, due to my security software, as ransomware protection, only files inside the Firefox folder can create or modify stuff inside Firefox folders. Nothing outside my Firefox folder can make changes inside my Firefox folder.
So back to your last message, if my config.js is infected, then the infection must have come from within my Firefox folder. But as I explained, this is hard to achieve in my setup, because the malware would have to be installed inside the Firefox folder.

If the malware is inside my Firefox folder, that leaves me 3 scenarios:

  1. By myself, I made the mistake of downloading the malware. But in this case, as I explained, my Firefox.exe folder and my Profile folder are separated, on different disks. And my Download folder is outside my Firefox folder, and also outside my Profile folder. Three different folders on three different drives. So, the malware will be outside my Firefox folder. And any attempt to modify my Firefox stuff will be detected by my security software due to my ransomware settings (Firefox stuff is containerized).
    Also, I don't use cache. The malware may run from memory, but again, it'll be outside my Firefox folder. So if the malware attempts to make changes to my Firefox stuff, it'll be blocked. Nothing outside my Firefox folder can make changes inside my Firefox folder.

  2. The Firefox update is infected. Well, if that happens, it won't be a consequence of fx-autoconfig, it'll be a major Firefox problem affecting all Firefox users. And probably my security software will detect that.

  3. Your fx-autoconfig is infected. This is the only case where I'm f@cked. In this scenario, everything can happen. And that's the reason, in my message, I asked you to omit this scenario.
    I can assure you my JS scripts are safe, because many different experts took a look, and all of them are saying my JS scripts are safe.
    But if your fx-autoconfig is infected, not by you!, unintentionally, let's say a hacker found a breach to change your fx-autoconfig, in this case, I'm f@cked.

That said, as a test, I wrote a batch file with administrative rights, which makes changes to config.js. My batch failed.
It was blocked by my security software, which didn't identify it as malware, but it was blocked because my Firefox stuff is protected against any external attempt to make changes.
So I moved my batch to the Firefox.exe folder. My security software allowed it to run. But my batch couldn't save config.js, because it is a read-only file.

Important to mention that I use different Firefox instances for different uses.
For instance, for regular daily browsing, I use my customized Firefox, with your fx-autoconfig and CSS mods.
But for banking or sensitive browsing, I use a separate Tor Browser and profile, with VPN and other measures. No CSS nor JS scripts.
So, if I got infected by JS scripts or by an infected fx-autoconfig version, my daily browsing profile is not going to reveal important personal data.

I'm only sharing with you easy measures that can reduce security risks.
I'm not saying I have the perfect solution.
I'm aware that malicious programs are more clever than myself. And as I said, my Firefox can be found and infected by a malicious program.

I just don't think fx-autoconfig is more dangerous than other stuff. Addons are more dangerous than fx-autoconfig.