1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Re: Debian 12.5 up-to-date Xfce, Firefox clings to USB stick

    From gene heskett@21:1/5 to All on Sat Mar 30 18:20:02 2024
    On 3/30/24 11:36, Antti-Pekka Känsälä wrote:
    What could be the deal, when Firefox tries to stop me from unmounting a stick, after I've accessed files on it through Firefox?  I worry about
    my stick security.  Thanks.

    Since this is normally a root operation, I'm confused. Likely what it
    means is that you have an open write path from firefox to the stick that
    has not been properly closed. I get into a similar state working with
    u-sd's using mc to edit something I have used mc to cd to, and forget to
    cd back out of the u-sd before I eject the card to take it to its proper
    home in a pi clone. Possibly fixed by stopping firefox first?

    Cheers, Gene Heskett, CET.
    --
    "There are four boxes to be used in defense of liberty:
    soap, ballot, jury, and ammo. Please use in that order."
    -Ed Howdershelt (Author, 1940)
    If we desire respect for the law, we must first make the law respectable.
    - Louis D. Brandeis

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Charles Curley@21:1/5 to antti.pekka.kansala@gmail.com on Sat Mar 30 19:30:01 2024
    On Sat, 30 Mar 2024 17:17:52 +0200
    Antti-Pekka Känsälä <antti.pekka.kansala@gmail.com> wrote:

    What could be the deal, when Firefox tries to stop me from unmounting
    a stick, after I've accessed files on it through Firefox? I worry
    about my stick security. Thanks.

    It sounds like Firefox has a file open on the stick. To check this, run something like

    lsof | grep -i offsite

    where offsite is in the path to the stick.

    --
    Does anybody read signatures any more?

    https://charlescurley.com
    https://charlescurley.com/blog/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From tomas@tuxteam.de@21:1/5 to All on Sat Mar 30 20:40:01 2024
    On Sat, Mar 30, 2024 at 07:32:16PM +0200, Antti-Pekka Känsälä wrote:
    Yes, closing Firefox does allow the stick to unmount cleanly, but I still worry.

    To get an idea of what's going on, you can use "lsof":

    tomas@trotzki:~$ lsof /dev/sda1
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    bash 3982 tomas cwd DIR 8,1 4096 2 /boot
    hexdump 4056 tomas 0r REG 8,1 33464584 28 /boot/initrd.img-5.10.0-26-amd64
    hexdump 4074 tomas 0r REG 8,1 7044672 27 /boot/vmlinuz-5.10.0-26-amd64

    There are three processes accessing my /dev/sda1 ("aka" /boot). I put
    them there to have something to show :-)

    Cheers
    --
    t

    -----BEGIN PGP SIGNATURE-----

    iF0EABECAB0WIQRp53liolZD6iXhAoIFyCz1etHaRgUCZghqAQAKCRAFyCz1etHa RnRjAJ9Zzkkla7BTlkjuDi5jOr/aL7IA6wCfQUNGkCvRE2THQJY6UMmGT3bzEwQ=
    =K0nl
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Christensen@21:1/5 to All on Sat Mar 30 23:20:01 2024
    On 3/30/24 08:17, Antti-Pekka Känsälä wrote:
    What could be the deal, when Firefox tries to stop me from unmounting a stick, after I've accessed files on it through Firefox? I worry about my stick security. Thanks.


    Linux knows what files are open on each file system. If you try to
    unmount a file system with open files or eject a mounted USB drive with
    open files, Linux will refuse and your desktop environment will display
    a suitable error dialog. This is a feature, not a bug.


    The solution is to close all the files on the file system, and then
    unmount it.


    David

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Wright@21:1/5 to All on Sun Mar 31 06:50:01 2024
    On Sat 30 Mar 2024 at 21:06:27 (+0200), Antti-Pekka Känsälä wrote:
    I was able to replicate this, by trying to send gmail to myself in Firefox, attaching a binary on a mounted USB stick.

    Did you mount the stick yourself as a user (ie there's an
    fstab entry for it), or as root, or does an automounter
    mount it for you?

    After the attachment supposedly
    was uploaded, I tried to unmount the stick, but it blocks. "lsof | grep -i KINGSTON" then shows a total of 129 lines from "x-www-browser". This lasted for about a minute, then the drive unmounted by itself.

    This is the behaviour I see, where (1) inserting a stick creates
    a mountpoint and (2) that mountpoint is referenced in /etc/fstab:

    After typing Ctrl-O in Firefox, I navigate to /media/foo (the
    mountpoint that was created). Double-clicking on the directory
    mounts it and displays the files in it. Opening a text file
    displays it. At least for a small file, FF does not hold the
    file open, so I can immediately unmount the stick. That may
    differ if, for example, a mail MUA or MTA is taking a lot of
    time to process an attached file.

    So I suspect you may be relying on an automounter to mount the
    stick, and you have to wait for a period of inactivity to time
    out before it decides you've probably finished with it.

    Cheers,
    David.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Wright@21:1/5 to All on Sun Mar 31 17:40:02 2024
    On Sun 31 Mar 2024 at 09:42:37 (+0300), Antti-Pekka Känsälä wrote:
    I'm mounting and unmounting through the stick icon's menu on Xfce desktop. Maybe a fancy file chooser dialogue stays around analyzing the directory,
    as you suspect? But I'm worried my Gmail in Firefox is capable of stealing files off my USB stick.

    I've no answer for that, particularly in view of Max's reply
    to my previous post.

    I've always copied files to and from USB sticks, floppy disks, CDs,
    etc), using the hard disk as a staging area. That habit developed
    thirty years ago on account of (other's) experience with Windows,
    and the "stickiness" of its file choosers. This could lead to
    problems when you attempted to renavigate to files, but hadn't got
    the same devices plugged in as previously.

    That's not much help to you because by doing that, you'd merely be
    exposing your hard drive instead for analysis, to Firefox, or
    worse, possibly to Gmail.

    I run two instances of Firefox as a matter of course. One user's
    instance is used for banking and other administrative tasks.
    The other user's is for everything else. The latter is unable
    to read any of the former's files. (Some people use different
    machines to the same end.)

    Cheers,
    David.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Curt@21:1/5 to Max Nikulin on Sun Apr 14 16:30:01 2024
    On 2024-04-04, Max Nikulin <manikulin@gmail.com> wrote:

    If you do not trust Gmail as a web application, use a mail application
    that supports IMAP.


    Gmail supports IMAP since more or less forever.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Curt@21:1/5 to David Wright on Mon Apr 15 21:00:01 2024
    On 2024-04-15, David Wright <deblis@lionunicorn.co.uk> wrote:
    On Sun 14 Apr 2024 at 14:24:29 (-0000), Curt wrote:
    On 2024-04-04, Max Nikulin <manikulin@gmail.com> wrote:

    If you do not trust Gmail as a web application, use a mail application
    that supports IMAP.


    Gmail supports IMAP since more or less forever.

    AIUI the OP's problem was not when reading mail, but with mail
    submission of attachments.

    And in what way does that affect a true statement and a phraseology that clearly implies an nonexistent incompatibility?

    Cheers,
    David.




    --

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Wright@21:1/5 to Curt on Mon Apr 15 20:30:01 2024
    On Sun 14 Apr 2024 at 14:24:29 (-0000), Curt wrote:
    On 2024-04-04, Max Nikulin <manikulin@gmail.com> wrote:

    If you do not trust Gmail as a web application, use a mail application
    that supports IMAP.


    Gmail supports IMAP since more or less forever.

    AIUI the OP's problem was not when reading mail, but with mail
    submission of attachments.

    Cheers,
    David.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From John Crawley@21:1/5 to Curt on Tue Apr 16 05:10:01 2024
    On 16/04/2024 03:52, Curt wrote:
    On 2024-04-15, David Wright <deblis@lionunicorn.co.uk> wrote:
    On Sun 14 Apr 2024 at 14:24:29 (-0000), Curt wrote:
    On 2024-04-04, Max Nikulin <manikulin@gmail.com> wrote:

    If you do not trust Gmail as a web application, use a mail application >>>> that supports IMAP.


    Gmail supports IMAP since more or less forever.

    AIUI the OP's problem was not when reading mail, but with mail
    submission of attachments.

    And in what way does that affect a true statement and a phraseology that clearly implies an nonexistent incompatibility?

    Loosen the interpretation of Max Nikulin's statement slightly:
    "If you do not trust Gmail as a web application, use any mail application that supports IMAP"
    and it makes sense.

    --
    John

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Wright@21:1/5 to Curt on Tue Apr 16 07:10:01 2024
    On Mon 15 Apr 2024 at 18:52:33 (-0000), Curt wrote:
    On 2024-04-15, David Wright <deblis@lionunicorn.co.uk> wrote:
    On Sun 14 Apr 2024 at 14:24:29 (-0000), Curt wrote:
    On 2024-04-04, Max Nikulin <manikulin@gmail.com> wrote:

    If you do not trust Gmail as a web application, use a mail application >> > that supports IMAP.


    Gmail supports IMAP since more or less forever.

    AIUI the OP's problem was not when reading mail, but with mail
    submission of attachments.

    And in what way does that affect a true statement and a phraseology that clearly implies an nonexistent incompatibility?

    It doesn't, and wasn't intended to. The OP was worried about security
    of the attachment process during mail submission. IMAP is not involved.

    I'm told that gmail offers an SMTP interface, but I don't know how
    well it works, or its pros and cons. That's why I wrote "the OP's
    problem was … with mail submission …", in case that had got forgotten
    with the thread drifting across to the topic of reading emails.
    Clearer?

    Cheers,
    David.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Curt@21:1/5 to John Crawley on Tue Apr 16 15:50:01 2024
    On 2024-04-16, John Crawley <john@bunsenlabs.org> wrote:

    If you do not trust Gmail as a web application, use a mail application >>>>> that supports IMAP.


    Gmail supports IMAP since more or less forever.

    AIUI the OP's problem was not when reading mail, but with mail
    submission of attachments.

    And in what way does that affect a true statement and a phraseology that
    clearly implies an nonexistent incompatibility?

    Loosen the interpretation of Max Nikulin's statement slightly:
    "If you do not trust Gmail as a web application, use any mail application that supports IMAP"
    and it makes sense.


    I've just loosened it.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Curt@21:1/5 to Max Nikulin on Tue Apr 16 15:50:02 2024
    On 2024-04-16, Max Nikulin <manikulin@gmail.com> wrote:

    If you do not trust Gmail as a web application, use a mail application >>>>> that supports IMAP.

    Gmail supports IMAP since more or less forever.

    AIUI the OP's problem was not when reading mail, but with mail
    submission of attachments.

    And in what way does that affect a true statement and a phraseology that
    clearly implies an nonexistent incompatibility?

    I am completely lost. Mail messages (with attachments) may be submitted

    It would've been clearer to have advised using another mail application, period, if the OP didn't trust Gmail. But the manner in which you
    phrased your advice implied that Gmail was a "web application" that
    didn't support IMAP, which is false, so I piped up (or is it in?) in my admittedly somewhat oblique (to the matter at hand) manner.

    But no harm, no foul, and all is well. The only real mystery is how
    Tomas resisted getting yet another lick in against Gmail and Google, et
    al.


    --

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)