Bug 296270: Default user agent on AIX contains machine information
Status: VERIFIED FIXED (Opened 19 years ago, Closed 19 years ago)
Categories: Core :: Networking: HTTP, defect
People: Reporter: pkwarren, Assigned: pkwarren
Details: Keywords: fixed-aviary1.0.5, fixed1.7.9, privacy; Whiteboard: [sg:nse]
Attachments (1 file): patch, 741 bytes
    mkaply: review+
    darin.moz: superreview+
    mkaply: approval-aviary1.0.5+
    mkaply: approval1.7.9+
    mkaply: approval1.8b3+

Description
On AIX, the default user agent is constructed in the following manner:

    struct utsname name;
    int ret = uname(&name);
    if (ret >= 0) {
        nsCString buf;
        buf = (char*)name.sysname;
        buf += ' ';
        buf += (char*)name.machine;
        mOscpu.Assign(buf);
    }

On AIX, the values in the utsname structure are different than on other Unix platforms. For example, these are the contents of the uname array on AIX:

    $ ./aix-uname
    uname.sysname: AIX
    uname.nodename: ut
    uname.release: 1
    uname.version: 5
    uname.machine: 000D214D4C00

The unfortunate problem with this bug is that the default user agent on AIX platforms is set to a value which can be unique to the machine, which presents a possible privacy issue. I propose that this be changed on AIX to be:

    buf = uname.sysname;
    buf += ' ';
    buf += uname.version;
    buf += '.';
    buf += uname.release;

I will add a patch to this bug which makes this change.
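
The before-and-after effect of the proposed change, as an added example in C that is not part of the original report or the Mozilla patch: it builds both tokens from a constructed utsname mirroring the aix-uname output above and checks each for a machine-ID-like field. The function names and the 12-hex-digit heuristic are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

/* Generic Unix form from the report: sysname + ' ' + machine. */
static void oscpu_generic(const struct utsname *u, char *out, size_t n) {
    snprintf(out, n, "%s %s", u->sysname, u->machine);
}

/* Form proposed for AIX: sysname + ' ' + version + '.' + release. */
static void oscpu_aix(const struct utsname *u, char *out, size_t n) {
    snprintf(out, n, "%s %s.%s", u->sysname, u->version, u->release);
}

/* Assumed heuristic: a space-separated token of exactly 12 hex digits
   (the shape of the sample 000D214D4C00) counts as a machine ID. */
static int has_machine_id(const char *s) {
    while (*s) {
        size_t len = strcspn(s, " "), i = 0;
        while (i < len && isxdigit((unsigned char)s[i])) i++;
        if (len == 12 && i == len) return 1;
        s += len;
        s += strspn(s, " ");
    }
    return 0;
}

/* Constructed sample: the aix-uname values quoted in the report. */
static struct utsname sample_aix(void) {
    struct utsname u;
    memset(&u, 0, sizeof u);
    strcpy(u.sysname, "AIX");
    strcpy(u.nodename, "ut");
    strcpy(u.release, "1");
    strcpy(u.version, "5");
    strcpy(u.machine, "000D214D4C00");
    return u;
}

int main(void) {
    struct utsname u = sample_aix();
    char before[256], after[256];
    oscpu_generic(&u, before, sizeof before);
    oscpu_aix(&u, after, sizeof after);
    printf("before: %-18s machine id: %d\n", before, has_machine_id(before));
    printf("after:  %-18s machine id: %d\n", after, has_machine_id(after));
    return 0;
}
```

The same has_machine_id check can be pointed at the oscpu token of any build's default user agent to confirm that no per-machine value is being sent.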

Comment 1 (Assignee) • 19 years ago
Assignee: darin → pkwarren
Status: NEW → ASSIGNED
Attachment #185062 - Flags: superreview?(darin)
Attachment #185062 - Flags: review?(mozilla)
Attachment #185062 - Flags: approval1.7.9?
Attachment #185062 - Flags: approval-aviary1.0.5?

Comment 2 (Assignee) • 19 years ago
http://lxr.mozilla.org/classic/source/cmd/xfe/mozilla.c#1992 contains similar logic from the classic Mozilla source code.

Comment 3 • 19 years ago
Comment on attachment 185062: Patch v1
r=mkaply with a comment that says why.
Attachment #185062 - Flags: review?(mozilla)
Attachment #185062 - Flags: review+
Attachment #185062 - Flags: approval1.7.9?
Attachment #185062 - Flags: approval1.7.9+
Attachment #185062 - Flags: approval-aviary1.0.5?
Attachment #185062 - Flags: approval-aviary1.0.5+

Updated • 19 years ago
Attachment #185062 - Flags: superreview?(darin) → superreview+

Comment 4 • 19 years ago
are the casts needed, btw? (and, does this really need to be security sensitive?)

Comment 5 • 19 years ago
I think the casts are there for historical reasons. There may be some platforms that return "unsigned char" maybe?

Comment 6 • 19 years ago
Does this need to be marked security sensitive? It's a minor privacy issue, not an exploit.
Keywords: privacy
Whiteboard: [sg:nse]

Updated (Assignee) • 19 years ago
Group: security

Updated (Assignee) • 19 years ago
Attachment #185062 - Flags: approval1.8b3?

Updated • 19 years ago
Attachment #185062 - Flags: approval1.8b3? → approval1.8b3+

Comment 7 (Assignee) • 19 years ago
Fixed on trunk.

    Checking in nsHttpHandler.cpp;
    /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp,v  <--  nsHttpHandler.cpp
    new revision: 1.112; previous revision: 1.111
    done

Comment 8 (Assignee) • 19 years ago
Fixed on 1.7 branch.

    Checking in nsHttpHandler.cpp;
    /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp,v  <--  nsHttpHandler.cpp
    new revision: 1.94.2.4; previous revision: 1.94.2.3
    done

Keywords: fixed1.7.9

Comment 9 (Assignee) • 19 years ago
Fixed on aviary branch.

    Checking in nsHttpHandler.cpp;
    /cvsroot/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp,v  <--  nsHttpHandler.cpp
    new revision: 1.94.2.1.2.3.2.1; previous revision: 1.94.2.1.2.3
    done

Comment 10 (Assignee) • 19 years ago
Verified fix in a trunk build from today.
Status: RESOLVED → VERIFIED