On Thu, 2016-11-03 at 06:13 -0700, Alice Wonder wrote:
On 11/03/2016 05:28 AM, Phil Wyett wrote:
On Wed, 2016-11-02 at 21:37 -0700, Alice Wonder wrote:
While doing a browser fingerprinting survey, I was quite surprised to see I actually have a FireFox plugin installed.
The culprit is
/usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so
It appears that whoever maintains the rhythmbox RPM has chosen not to package the browser plugin separately like it probably should be. So if I have the rhythmbox RPM installed, I have the plugin.
This is rather worrisome because I can find no trace of the plugin in the Mozilla preferences panel, so if it is there it is very well hidden and if it really isn't there, it can't be disabled there.
Is there some kind of blacklist file I can put in /usr/lib64/mozilla/plugins/ or ~/.mozilla/plugins/ to specifically tell FireFox not to load that plugin, or do I have to uninstall rhythmbox?
Thank you for suggestions.
PS does anyone actually have a real world use for an itms detection plugin?
Hi,
It is possible to rebuild the package ( for CentOS 7) and disable this plugin being built.
Yes but then any update to rhythmbox would re-install it and it would become a pattern of build, rinse, repeat.
Hopefully the bugzilla I filed will result in an update being pushed with the plugin either gone or available in a separate package for those who do want it.
Hi,
Sometimes we are only left with the wash, rinse, repeat, though not ideal. This was a regular for me until I fully moved away from 6.x.
However...
You can update your bugzilla entry as affecting 7.3 also. The 3.3.1-5 build in RHEL 7.3 has the same issue as you reported it.
Note: All patches attached are against 7.3 rhythmbox 3.3.1-5 located on git.centos.org.
There are a number of scenarios.
Scenario 01:
Disable the plugin, so it is not built and thus removed from RHEL/CentOS 7 altogether. Not something that is likely to be done, taking away a feature.
Attached patch referenced below does this:
0001-Scenario-01-Disable-building-of-browser-plugin.patch
Scenario 02:
Move the browser plugin into a separate package. Not sure about the vendor wanting to do this, but is a viable option.
Attached patch referenced below does this:
0001-Scenario-02-Browser-plugin-as-seperate-package.patch
Scenario 03:
The CentOS community agrees with you and decides on one of the methods above and it is built and released as a 'centosplus' package.
Regards
Phil