Closed
Bug 255238
Opened 20 years ago
Closed 20 years ago
creating a new profile in firefox (via profile manager) doesn't salt directory name
Categories
(Toolkit :: Startup and Profile System, defect)
RESOLVED
FIXED
People
(Reporter: Brade, Assigned: benjamin)
References
Details
(Keywords: fixed-aviary1.0, Whiteboard: [have patch] in 256076)
I've been doing lots of testing with seamonkey and firefox builds lately. I noticed that new profiles I created with firefox 0.9.3 on Windows do not have salted directory names.
Steps:
* run firefox with profile manager
* delete all existing profiles
* create a new profile naming it: default
* notice that the directory is named "default"
Reporter
Updated•20 years ago
Flags: blocking-aviary1.0+
Reporter
Comment 1•20 years ago
btw: blocking-aviary1.0 + is per shaver (via bsmedberg)
Assignee
Comment 2•20 years ago
Yeah, I've been meaning to fix this. It essentially involves adding salting to http://lxr.mozilla.org/aviarybranch/source/toolkit/profile/content/createProfileWizard.js#80 and http://lxr.mozilla.org/aviarybranch/source/toolkit/profile/content/createProfileWizard.js#141 (will need a little regexp-love there to replace the ==).
Status: NEW → ASSIGNED
Comment 3•20 years ago
We should make salting less annoying by using default-xxxxxxxx/ instead of default/xxxxxxxx.slt/
Assignee
Comment 4•20 years ago
Yeah, we already do that for the default profile. This bug only affects profiles created from the UI.
Comment 5•20 years ago
Re: jesse's comment 3: Firefox already went with something like what you suggest, but because of 8.3 mapping constraints, the combined profile+salt directory name has only 3(!) chars of salt. That's bug 256076. We need to fix that bug and this one for 1.0PR1. /be
Depends on: 256076
Flags: blocking-aviary1.0PR+
Comment 6•20 years ago
Why does 8.3 matter? Is it because an attacker could bypass the salt using "Defaul~1" otherwise?
Assignee
Comment 7•20 years ago
Patch in 256076 covers this as well.
Updated•20 years ago
Whiteboard: [have patch] in 256076
Assignee
Comment 8•20 years ago
Fixed on trunk and branch
Updated•16 years ago
Product: Firefox → Toolkit
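The thread above turns on two conditions: a profile directory with no salt at all (this bug) and one whose salt is only 3 characters long (comment 5). The following is an added example, not code from the bug or from Mozilla's tree, that generates the `default-xxxxxxxx` form from comment 3 and audits directory names for both conditions. The 36-character alphabet, the 8-character target length, the function names and the sample entries are assumptions made for illustration.

```javascript
// Added example (not Mozilla's code): generate and audit salted profile directory names.
const nodeCrypto = require("node:crypto");

const SALT_ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"; // assumed alphabet
const SALT_LENGTH = 8; // assumed target, the "default-xxxxxxxx" form from comment 3

// Build "<name>-<salt>"; randomInt draws from a CSPRNG without modulo bias.
function saltedDirName(profileName, saltLength = SALT_LENGTH) {
  let salt = "";
  for (let i = 0; i < saltLength; i++) {
    salt += SALT_ALPHABET[nodeCrypto.randomInt(SALT_ALPHABET.length)];
  }
  return `${profileName}-${salt}`;
}

// How many candidate directory names a given salt length yields.
function guessSpace(saltLength) {
  return SALT_ALPHABET.length ** saltLength;
}

// Classify an on-disk directory name against the profile's display name.
function classify(dirName, profileName) {
  if (dirName === profileName) return "unsalted"; // the case reported in this bug
  const prefix = profileName + "-";
  if (!dirName.startsWith(prefix)) return "unrelated";
  const salt = dirName.slice(prefix.length);
  const valid = salt.length > 0 && [...salt].every((c) => SALT_ALPHABET.includes(c));
  if (!valid) return "unrelated";
  // Comment 5: the 8.3-constrained name leaves only 3 characters of salt.
  return salt.length >= SALT_LENGTH ? "salted" : "weak-salt";
}

// Return only the profiles whose directory name needs attention.
function auditProfiles(entries) {
  return entries
    .map(({ name, dir }) => ({ name, dir, status: classify(dir, name) }))
    .filter((r) => r.status !== "salted");
}

// Constructed sample entries, not taken from a real profiles.ini.
const SAMPLE = [
  { name: "default", dir: "default" },
  { name: "default", dir: "default-a1b" },
  { name: "work", dir: saltedDirName("work") },
];
```

Under the assumed alphabet, `guessSpace(3)` is 46,656 names while `guessSpace(8)` is about 2.8 trillion, which is the gap comment 5 is pointing at.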