v112 (#1654)

* updater.sh/prefsCleaner.sh: Check for root and abort

Check if running as root and if any files have the owner/group as root|wheel.
Abort on both.

Should (hopefully) prevent stuff like: https://github.com/arkenfox/user.js/issues/1587
Discussion: https://github.com/arkenfox/user.js/pull/1595

---------

Co-authored-by: Mohammed Anas <triallax@tutanota.com>
Co-authored-by: earthlng <earthlng@users.noreply.github.com>

prefsCleaner.sh

@@ -2,12 +2,23 @@
 
 ## prefs.js cleaner for Linux/Mac
 ## author: @claustromaniac
-## version: 1.6
+## version: 1.9
 
 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
 
 ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() )
 
+# Check if running as root and if any files have the owner/group as root/wheel.
+if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
+	printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
+	exit 1
+elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+	printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+	find . -user 0 -o -group 0
+	exit 1
+fi
+
 readonly CURRDIR=$(pwd)
 
 ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
@@ -138,7 +149,7 @@ echo -e "\n\n"
 echo "                   ╔══════════════════════════╗"
 echo "                   ║     prefs.js cleaner     ║"
 echo "                   ║    by claustromaniac     ║"
-echo "                   ║           v1.6           ║"
+echo "                   ║           v1.9           ║"
 echo "                   ╚══════════════════════════╝"
 echo -e "\nThis script should be run from your Firefox profile directory.\n"
 echo "It will remove any entries from prefs.js that also exist in user.js."

updater.sh

@@ -2,12 +2,23 @@
 
 ## arkenfox user.js updater for macOS and Linux
 
-## version: 3.5
+## version: 3.8
 ## Author: Pat Johnson (@overdodactyl)
 ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
 
 ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() )
 
+# Check if running as root and if any files have the owner/group as root/wheel.
+if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
+	printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n"
+	exit 1
+elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+	printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+	find . -user 0 -o -group 0
+	exit 1
+fi
+
 readonly CURRDIR=$(pwd)
 
 SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)

user.js

@@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 30 March 2023
+*    date: 4 May 2023
-* version: 111
+* version: 112
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
 
@@ -491,7 +491,7 @@ user_pref("security.pki.crlite_mode", 2);
  * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
  * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
  * [TEST] http://example.com [upgrade]
- * [TEST] http://httpforever.com/ [no upgrade] ***/
+ * [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/
 user_pref("dom.security.https_only_mode", true); // [FF76+]
    // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
 /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
@@ -1007,8 +1007,8 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
  * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
 user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
 /* 6008: enforce no First Party Isolation [FF51+]
- * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701),
+ * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI
- * and enabling FPI disables those. FPI is no longer maintained ***/
+ * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/
 user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false]
 /* 6009: enforce SmartBlock shims [FF81+]
  * In FF96+ these are listed in about:compat