Closed
Bug 296270
Opened 19 years ago
Closed 19 years ago
Default user agent on AIX contains machine information
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: pkwarren, Assigned: pkwarren)
Details
(Keywords: fixed-aviary1.0.5, fixed1.7.9, privacy, Whiteboard: [sg:nse])
Attachments
(1 file)
|
741 bytes,
patch
|
mkaply
:
review+
darin.moz
:
superreview+
mkaply
:
approval-aviary1.0.5+
mkaply
:
approval1.7.9+
mkaply
:
approval1.8b3+
|
Details | Diff | Splinter Review |
On AIX, the default user agent is constructed in the following manner:
struct utsname name;
int ret = uname(&name);
if (ret >= 0) {
nsCString buf;
buf = (char*)name.sysname;
buf += ' ';
buf += (char*)name.machine;
mOscpu.Assign(buf);
}
On AIX, the values in the utsname structure are different than on other Unix
platforms. For example, these are the contents of the uname array on AIX:
$ ./aix-uname
uname.sysname: AIX
uname.nodename: ut
uname.release: 1
uname.version: 5
uname.machine: 000D214D4C00
The unfortunate problem with this bug, is that the default user agent on AIX
platforms is set to a value which can be unique to the machine, which presents a
possible privacy issue. I propose that this be changed on AIX to be:
buf = uname.sysname;
buf += ' ';
buf += uname.version;
buf += '.';
buf += uname.release;
I will add a patch to this bug which makes this change.
|
Assignee | |
Comment 1•19 years ago
|
||
Assignee: darin → pkwarren
Status: NEW → ASSIGNED
Attachment #185062 -
Flags: superreview?(darin)
Attachment #185062 -
Flags: review?(mozilla)
Attachment #185062 -
Flags: approval1.7.9?
Attachment #185062 -
Flags: approval-aviary1.0.5?
|
|
Assignee | |
Comment 2•19 years ago
|
||
http://lxr.mozilla.org/classic/source/cmd/xfe/mozilla.c#1992 contains similar logic from the classic Mozilla source code.
|
||
Comment 3•19 years ago
|
||
Comment on attachment 185062 [details] [diff] [review] Patch v1 r=mkaply with a comment that says why.
Attachment #185062 -
Flags: review?(mozilla)
Attachment #185062 -
Flags: review+
Attachment #185062 -
Flags: approval1.7.9?
Attachment #185062 -
Flags: approval1.7.9+
Attachment #185062 -
Flags: approval-aviary1.0.5?
Attachment #185062 -
Flags: approval-aviary1.0.5+
|
||
Updated•19 years ago
|
Attachment #185062 -
Flags: superreview?(darin) → superreview+
|
||
Comment 4•19 years ago
|
||
are the casts needed, btw? (and, does this really need to be security sensitive?)
|
|
||
Comment 5•19 years ago
|
||
I think the casts are there for historical reasons. There may be some platforms that return "unsigned char" maybe?
|
||
Comment 6•19 years ago
|
||
Does this need to be marked security sensitive? It's a minor privacy issue, not an exploit.
Keywords: privacy
Whiteboard: [sg:nse]
|
|
Assignee | |
Updated•19 years ago
|
Group: security
|
|
Assignee | |
Updated•19 years ago
|
Attachment #185062 -
Flags: approval1.8b3?
|
|
||
Updated•19 years ago
|
Attachment #185062 -
Flags: approval1.8b3? → approval1.8b3+
|
|
Assignee | |
Comment 7•19 years ago
|
||
Fixed on trunk. Checking in nsHttpHandler.cpp; /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp,v <-- nsHttpHandler.cpp new revision: 1.112; previous revision: 1.111 done
|
|
Assignee | |
Comment 8•19 years ago
|
||
Fixed on 1.7 branch. Checking in nsHttpHandler.cpp; /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp,v <-- nsHttpHandler.cpp new revision: 1.94.2.4; previous revision: 1.94.2.3 done
Keywords: fixed1.7.9
|
|
Assignee | |
Comment 9•19 years ago
|
||
Fixed on aviary branch. Checking in nsHttpHandler.cpp; /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp,v <-- nsHttpHandler.cpp new revision: 1.94.2.1.2.3.2.1; previous revision: 1.94.2.1.2.3 done
|
|
Assignee | |
Comment 10•19 years ago
|
||
Verified fix in a trunk build from today.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•