isn't firefox's remote execution capability on linux a security violation?
If I run firefox remotely on a different machine over a secure
connection without using the --no-remote option, it starts locally
Also, if I have a secure connection to a remote machine where
firefox is running (without --no-remote), and I start firefox
locally, the remote instance paints a window on the screen.
How does that work? Are only X facilities used? Which ones?
Also, can someone point me to the files in the
source version that implement this functionality, and whether there
is a compile-time variable to disable it? A related question - if I
build my own version according to the mozilla directions, can I expect
it to be as fast as the pre-compiled version?
In the first case, take this example:
$ ssh -fX remote xterm -ls
$ firefox &
When I start firefox remotely in this configuration, I expect
that it asks X to open a window and X sees that the graphic server is
remote and paints a window there. Without firefox knowing about it.
I consider it a trojan horse that firefox should look around to
determine what my configuration is. This is exactly what I don't want
applications to do.
At the very least - i.e. without running a general inventory - it seems
that firefox needs to ask if the graphics server is remote or not, and if so,
it has to attempt to start an arbitrary executable (but hopefully only
firefox) on the server machine.
That that kind of activism doesn't seem like infringement to others is
amazing to me.