Sorry, I must have been very tired last night. This morning, I can't remember (or figure out) which actions I was thinking of when I wrote that.
The only one that still jumps out to me is browser extensions—I'm pretty sure none of the major browsers allow that without user approval within the browser. You'd have to do something nasty which would require root.
>The only one that still jumps out to me is browser extensions—I'm pretty sure none of the major browsers allow that without user approval within the browser. You'd have to do something nasty which would require root.
I've admittedly never tried it, but as far as I understand, installing an extension in Firefox just involves copying the corresponding .xpi file to the profile folder (which is owned by the user, not root) and modifying a few configuration files (e.g. extensions.json). I don't see why some other program wouldn't be able to do that.
If root access were required, you'd have to supply your root password every time you wanted to install an extension.
This is in addition to the fact that Firefox has absolutely mandatory code signing for extensions (the only recourse is to recompile Firefox). That's something I'm very much not happy about, but does have upsides.
I have a hard time imagining how they enforce that. What keeps a malicious program from replicating the exact changes that Firefox makes when installing an extension? What about just replacing the whole profile folder with one that has a malicious extension installed?
>Firefox has absolutely mandatory code signing for extensions
That helps I guess, but there are clearly still malicious extensions that can pass the automated tests and get signed. Even if that wasn't possible, you could probably use some userscript extension and load malicious scripts that way.
> What keeps a malicious program from replicating the exact changes that Firefox makes when installing an extension? What about just replacing the whole profile folder with one that has a malicious extension installed?
I obviously haven't spent time trying to break this, but I would assume the config file is hashed. You probably could replace the whole profile, but that would be very noticeable to the user.
The only one that still jumps out to me is browser extensions—I'm pretty sure none of the major browsers allow that without user approval within the browser. You'd have to do something nasty which would require root.