Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Firefox personal profile linked to /tmp [SOLVED]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
mf-gentoo
n00b
n00b


Joined: 27 Jan 2023
Posts: 11
PostPosted: Wed May 24, 2023 8:41 am    Post subject: Firefox personal profile linked to /tmp [SOLVED] Reply with quote
It's me again. I just solved the problem...
I forgot that my laptop has SSD and that when configuring the new install I followed the suggestions found in https://wiki.gentoo.org/wiki/SSD
Therefore I relocated the web browser profile/s, cache, etc. to tmpfs thus "The corresponding I/O associated with using the browser gets redirected from the SSD drive to tmpfs' volatile memory, resulting in reduced wear to the physical drive and also improving browser speed and responsiveness". And, of course, I am using profile-sync-daemon. This also explain why I see these files in /tmp only after rebooting.
I completely forgot this.
Therefore, it is not a malicious Malicious Linux.Xor.DDoS but it is my own malicious memory.

Sorry.

---------------------------------

Hi,

chkrootkit told me that Possible Malicious Linux.Xor.DDoS installed:
/tmp/mf-firefox-uym12ary.default-release/times.json
/tmp/mf-firefox-uym12ary.default-release/gmp-gmpopenh264/1.8.1.2/libgmpopenh264.so
/tmp/mf-firefox-uym12ary.default-release/gmp-gmpopenh264/1.8.1.2/gmpopenh264.info
/tmp/mf-firefox-i7gt9eo4.default/times.json

In the ~/.mozilla/firefox I have two symlinks:

i7gt9eo4.default -> /tmp/mf-firefox-i7gt9eo4.default
uym12ary.default-release -> /tmp/mf-firefox-uym12ary.default-release

This means that all my firefox profile data are in /tmp!

Permissions are:
drwx------ 2 mf mf 80 24 mag 10.16 mf-firefox-i7gt9eo4.default
drwx------ 14 mf mf 1000 24 mag 10.28 mf-firefox-uym12ary.default-release

So, they are not visible by anyone (but this is my own laptop so there is no one else using it, apparently).

I removed several times the .mozilla directory and executed firefox (I use firefox-bin package). The profile is where it supposed to be (i.e. in my home directory) and if I look into /tmp no firefox-files are there but as I soon as I reboot, login into my account and execute firefox the profile is again moved to /tmp and in ~/.mozilla/firefox symbloic links are set again.

What is happening? Is it safe? Is it a malware? What can I do? I searched on the web but couldn't find any information.

M.
Back to top
View user's profile Send private message
szatox
Advocate
Advocate


Joined: 27 Aug 2013
Posts: 3131
PostPosted: Wed May 24, 2023 9:06 am    Post subject: Reply with quote
Can't you just reset it to defaults or create a new profile?
You get access to profiles by starting is as firefox -P, which BTW is a pretty handy feature for more advanced users.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy