View previous topic :: View next topic |
Author |
Message |
mf-gentoo n00b
Joined: 27 Jan 2023 Posts: 11
|
Posted: Wed May 24, 2023 8:41 am Post subject: Firefox personal profile linked to /tmp [SOLVED] |
|
|
It's me again. I just solved the problem...
I forgot that my laptop has SSD and that when configuring the new install I followed the suggestions found in https://wiki.gentoo.org/wiki/SSD
Therefore I relocated the web browser profile/s, cache, etc. to tmpfs thus "The corresponding I/O associated with using the browser gets redirected from the SSD drive to tmpfs' volatile memory, resulting in reduced wear to the physical drive and also improving browser speed and responsiveness". And, of course, I am using profile-sync-daemon. This also explain why I see these files in /tmp only after rebooting.
I completely forgot this.
Therefore, it is not a malicious Malicious Linux.Xor.DDoS but it is my own malicious memory.
Sorry.
---------------------------------
Hi,
chkrootkit told me that Possible Malicious Linux.Xor.DDoS installed:
/tmp/mf-firefox-uym12ary.default-release/times.json
/tmp/mf-firefox-uym12ary.default-release/gmp-gmpopenh264/1.8.1.2/libgmpopenh264.so
/tmp/mf-firefox-uym12ary.default-release/gmp-gmpopenh264/1.8.1.2/gmpopenh264.info
/tmp/mf-firefox-i7gt9eo4.default/times.json
In the ~/.mozilla/firefox I have two symlinks:
i7gt9eo4.default -> /tmp/mf-firefox-i7gt9eo4.default
uym12ary.default-release -> /tmp/mf-firefox-uym12ary.default-release
This means that all my firefox profile data are in /tmp!
Permissions are:
drwx------ 2 mf mf 80 24 mag 10.16 mf-firefox-i7gt9eo4.default
drwx------ 14 mf mf 1000 24 mag 10.28 mf-firefox-uym12ary.default-release
So, they are not visible by anyone (but this is my own laptop so there is no one else using it, apparently).
I removed several times the .mozilla directory and executed firefox (I use firefox-bin package). The profile is where it supposed to be (i.e. in my home directory) and if I look into /tmp no firefox-files are there but as I soon as I reboot, login into my account and execute firefox the profile is again moved to /tmp and in ~/.mozilla/firefox symbloic links are set again.
What is happening? Is it safe? Is it a malware? What can I do? I searched on the web but couldn't find any information.
M. |
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3131
|
Posted: Wed May 24, 2023 9:06 am Post subject: |
|
|
Can't you just reset it to defaults or create a new profile?
You get access to profiles by starting is as firefox -P, which BTW is a pretty handy feature for more advanced users. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|