Closed Bug 776655 Opened 12 years ago Closed 12 years ago

Don't trust app-id sent from child process when opening IDB databases

Categories

(Core :: Storage: IndexedDB, defect)

defect
Not set
normal

Tracking


RESOLVED WONTFIX
blocking-basecamp +

People

(Reporter: cjones, Assigned: bent.mozilla)


When we did cross-process IndexedDB, we punted on sanitizing the DB name that content processes ask the parent to open.  Now that we have the mechanisms for capability checking, we need to apply them to IndexedDBs.

I suspect this requires the data jar work, but I'm not 100% clear on the details.

Guys, we should figure out how this fits with "data jars".  Assuming IDBs will be part of the data set, then we should basically get this out of the box --- we'll attempt to resolve the DB name in the app's storage area and it won't matter whether we trust the name (beyond sanitizing malicious names like "../privilegedApp/otherDB").
blocking-basecamp: --- → +
Morphing this, since once we have data-jars, IndexedDB databases will be per-app-id, which means that all database names are allowed as long as the child process is opening the database for the correct app.
Assignee: nobody → bent.mozilla
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Summary: Don't trust DB names handed back from content processes → Don't trust app-id sent from child process when opening IDB databases
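
A parent-side check of the kind discussed in this bug, as an added sketch that is not Gecko code and not part of the thread: the parent takes the app-id from its own record of which app each child was launched for, treats the id in the message as untrusted, and resolves the database name only inside that app's storage area. The function names, the process table, the `/storage/app-N/idb/` layout and the sample values are all assumptions made for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical parent-side table, filled in by the parent when it spawns a
// child: child process id -> app-id it was launched for (constructed sample).
static const std::map<int, unsigned> kAppIdForChild = {{101, 7}, {102, 9}};

// A database name must resolve to exactly one entry inside the app's storage
// area, so path separators, NUL and the "." / ".." components are refused.
static bool IsSafeDbName(const std::string& name) {
  if (name.empty() || name == "." || name == "..") return false;
  for (char c : name) {
    if (c == '/' || c == '\\' || c == '\0') return false;
  }
  return true;
}

// Returns the path the parent would open, or "" when the request is refused.
// claimedAppId arrives in the IPC message from the child and is untrusted.
std::string ResolveOpenRequest(int childPid, unsigned claimedAppId,
                               const std::string& dbName) {
  std::map<int, unsigned>::const_iterator it = kAppIdForChild.find(childPid);
  if (it == kAppIdForChild.end()) return "";   // sender is not a known child
  if (it->second != claimedAppId) return "";   // child named another app's jar
  if (!IsSafeDbName(dbName)) return "";        // name would leave the jar
  // Build the path from the parent's own app-id, never from the message.
  return "/storage/app-" + std::to_string(it->second) + "/idb/" + dbName;
}

int main() {
  // Constructed requests: (child pid, app-id claimed in the message, DB name).
  struct Req { int pid; unsigned app; const char* name; };
  const Req reqs[] = {
      {101, 7, "notes"},                     // own jar, plain name
      {101, 9, "notes"},                     // claims another app's id
      {101, 7, "../privilegedApp/otherDB"},  // traversal name from the thread
      {999, 7, "notes"},                     // unknown sender
  };
  for (const Req& r : reqs) {
    std::string path = ResolveOpenRequest(r.pid, r.app, r.name);
    std::cout << r.pid << " app=" << r.app << " \"" << r.name << "\" -> "
              << (path.empty() ? "REFUSED" : path) << "\n";
  }
  return 0;
}
```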