Path: csiph.com!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail From: Richmond Newsgroups: alt.comp.software.firefox Subject: Re: policies.json Date: Mon, 27 Apr 2026 11:01:04 +0100 Organization: Frantic Message-ID: <82eck0n2n3.fsf@example.com> References: <10sin49$tkil$2@dont-email.me> <10sj6tg$10uuo$5@dont-email.me> <10slfq3$1nmgs$1@toylet.eternal-september.org> <10slocn$1pk30$2@dont-email.me> MIME-Version: 1.0 Content-Type: text/plain Injection-Info: solani.org; logging-data="1062802"; mail-complaints-to="abuse@news.solani.org" User-Agent: Gnus/5.13 (Gnus v5.13) Cancel-Lock: sha1:YCKq9AwSq5kJTpG49ypJjkKR++s= sha1:Vadh5pxeVkFG/LdqlnrvpHCtDxI= X-User-ID: eJwNyMEBwCAIA8CVQEko4wDK/iPYex42le1G0DAYLVvhzUnva1trMYTe6zrzX+1PECklB806DxbZESk= Xref: csiph.com alt.comp.software.firefox:16864 The Real Bev writes: > On 4/26/26 09:51, Mr. Man-wai Chang wrote: >> On 4/26/2026 4:07 AM, The Real Bev wrote: >>> cat -A distribution/policies.json ;reveals ^M corruption echo >>> '{"policies":{"DisableAppUpdate":true}}' > policies.json ;fixes it >>> about:policies ;confirms "Active" I did the same for Thunderbird and >>> then marked both files read-only. >>> >> You can also use command "chattr" (and lsattr BTW) to make the file >> immutable, as extra counter-measure. > > Is chattr any less opaque than chmod? I finally found a handy table > which is much easier than reading the man page. I KNOW the people who > write man pages just do it for spite :-( There is some irony here. The json file is being used to prevent firefox being updated. And now we look for a way to prevent the json file being updated. Would it not make more sense directly prevent firefox being updated? Afterall it may be that the expected format of the json file changes, then it would be necessary to change the file itself as part of an update. So, a more sensible solution is to prevent firefox being updated. And you don't even need to use chmod, you can simple change the owner of firefox to a user who is not usually running it. This makes it more secure from attack through the browser itself. If you had installed firefox from a package manager the owner would be root I think. Even Windows would put it in "Program Files" where it cannot be updated except by a system update process.