Closed
Bug 102631
Opened 23 years ago
Closed 22 years ago
built-in objects dll picked up by a profile must be that of the latest installed version of the software.
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 147280
Future
People
(Reporter: ssaux, Assigned: ddrinan0264)
References
Details
Currently, the secmod db stores the full path of the nssckbi.dll which store built-in root CA certs. Secmod.db is in the profile, and the value stored in it for nssckbi.dll reflects the install location of the client version that created it (for 6.1 and higher). If someone which thus created a secmod.db with 6.1, installs 6.2 in a different directory than 6.1 (i.e., the new installation's nssckbi.dll doesn't replace the old nssckbi.dll), and uses this profile, then 6.2 will use the 6.1 version of nssckbi.dll The solution is to make sure that entries in secmod.db for nssckbi.dll are versioned. The result will be that the software will check that the nssckbi.dll is the most recent available: The requirement will be: The dll in secmod.db exists. its version in secmod.db must equal or higher than the currently executing version of the client ships with. If these requirements are not met, the secmod.db will be updated to reflect the version the currently executing client has. This will allows the root ca list to be has complete as possible. This may requires some NSS work as well for the secmod entry versioning.
Reporter | ||
Updated•23 years ago
|
Priority: -- → P1
Target Milestone: --- → Future
Reporter | ||
Comment 1•23 years ago
|
||
*** Bug 104965 has been marked as a duplicate of this bug. ***
Comment 2•22 years ago
|
||
I believe this is a duplicate of NSS bug 147280. Because this one is PSM and the other is NSS, I'm not marking this one as a duplicate, but rather add a dependency. We should decide whether we are fine, once bug 147280 gets resolved.
Depends on: 147280
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•