Closed Bug 131025 Opened 23 years ago Closed 23 years ago

Remove "trusted codebase" mechanism

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.0

People

(Reporter: security-bugs, Assigned: security-bugs)

Details

Attachments

(1 file, 1 obsolete file)

Patch 2, with changes
30.86 KB, patch
security-bugs
: review+
security-bugs
: superreview+
asa
: approval+
Details | Diff | Splinter Review
In November I added a mechanism for allowing unsigned content to enable privileges without enabling codebase principals generally. This isn't really a safe thing to do - it means we're trusting DNS to verify the identity of a remote site, and DNS isn't meant to be a secure verification of identity. This feature was checked in as a temporary measure, and I'd like to remove it now so as to encourace the use of more secure methods (signed scripts).
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Here's a fix for this bug, and these others: 128861, 131342, 131340, 128697.
Keywords: patch
Whiteboard: needs review and a=
replace |new PLDHashTable()| with PL_NewHashTable() and call PL_DHashTableDestroy() to destroy a pldhash in stead of deleting it. + if (myScheme.Equals("http")) + defaultPort = 80; What about "https"? +NS_NAMED_LITERAL_CSTRING(sPolicyPrefix, "capability.policy."); Make this static. With that, sr=jst
Comment on attachment 74465 [details] [diff] [review] Patch - also includes some other fixes >@@ -403,6 +408,7 @@ > PRBool mIsWritingPrefs; > nsCOMPtr<nsIThreadJSContextStack> mJSContextStack; > PRBool mNameSetRegistered; >+ PRBool mPolicyPrefsChanged; > }; Can you replace PRBool with PRPackedBool? >+ nsCOMPtr<nsIURI> myBaseURI(mURI); >+ while((jarURI = do_QueryInterface(myBaseURI))) >+ { >+ jarURI->GetJARFile(getter_AddRefs(myBaseURI)); >+ } Are you sure myBaseURI will always be a valid memory? If yes then please add a comment supporting that. >+ nsCOMPtr<nsIIOService> ioService( >+ do_GetService(NS_IOSERVICE_CONTRACTID)); >+ if (!ioService) >+ return rv; What is rv here? Shouldn't this be do_GetService(NS_IOSERVICE_CONTRACTID, &rv)); or something like that?
>+ else if (otherScheme.Equals("imap") || >+ otherScheme.Equals("mailbox") || >+ otherScheme.Equals("news")) Correct the indendation.
This incorporates the above comments.
Attachment #74465 - Attachment is obsolete: true
Comment on attachment 74865 [details] [diff] [review] Patch 2, with changes With those changes, I'm going to assume I have r and sr.
Attachment #74865 - Flags: superreview+
Attachment #74865 - Flags: review+
Comment on attachment 74865 [details] [diff] [review] Patch 2, with changes a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #74865 - Flags: approval+
Checked in on trunk. Would like to check this into the 0.9.9 branch too.
Whiteboard: needs review and a= → fixed on trunk, need 0.9.9
Never mind, fix for 0.9.9 is not needed. Marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Whiteboard: fixed on trunk, need 0.9.9
Marking verified as per above developer comments.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: