Open Bug 1170578 Opened 9 years ago Updated 1 year ago

RFC: Buggy NSS dbm code ought to be updated

Categories

(NSS :: Libraries, defect, P5)

Tracking

(Not tracked)

People

(Reporter: ishikawa, Unassigned)

References

(Blocks 1 open bug)

Details

(This blocks bug 1170564: [META] Failure to deal with short read )

For details of short read, and how to fix, please read the bug
1170564.

Here in this bugzilla entry, it is pointed out that NSS DBM
code (Berkeley db 1.85) ought to be updated to a new one.

This code is used by both C-C TB and FF since it is under M-C
tree.  This code cannot cope with short read, and cause
errors. It should be updated with later versions with more
robustness and nice features such as shared DB access.  (It is
way too old: I think it is from the first half of 1990's).

This was initially posted in a newsgroup posting by me [2].

I found that if short read operation occurs against one of the
following files under my MOZOBJ directory during
|make mozmill| test, TB causes errors reported in the test log.

    "_tests/mozmill/mozmillprofile/cert8.db",
    "_tests/mozmill/mozmillprofile/key3.db",
    "_tests/mozmill/mozmillprofile/secmod.db"

And I found these files are managed by NSS dbm code and the
code inspection reveals that it is not safe from short read at
all.

In response to the posting, Philip Chee responded in the
newsgroup posting [3],
(line break positions have been changed somewhat.)

--- begin quote ---

According to Google, current versions of NSS can use SQLite
for its backend. Butt the file names are different:

key3.db -> key4.db
cert8.db -> cert9.db
secmod.db -> pkcs11.txt

https://wiki.mozilla.org/NSS_Shared_DB
https://blogs.oracle.com/meena/entry/what_s_new_in_nss1

Advantage is that Firefox/Thunderbird/SeaMonkey can all share
the same files
........

> However, now that Sleepycat has been bought by Oracle, I am
> not sure what is the good option left.

I think v5 of Berkeley DB is still under the Sleepycat
licence.
--- end quote ---

From my own testing, I can confirm SQLite seems to be solid in
handling short read/write among many advantages it has. My
emulation of short read/write was done against SQLite
databases during tests, and I have not seen problems caused by
them if I am not mistaken. SQLite library handles the
necessary additional reads automagically. The casual code
browsing I did many months ago also support this informally.

> Advantage is that Firefox/Thunderbird/SeaMonkey can all
> share the same files

Frankly, I have no background to comment on this. But maybe if
one needs to add local certificates due to organizational
issues, there will be one less additional database to take
care of.

Re version v5 vs. v6.

Oracle web page today has a link to v6 code.

http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/downloads/index.html

If I am not mistaken, v6 even claims to have SQL interface
based on SQLite (!).  I don't know if it is done via talking
to a separate engine or even incorporate the SQLite source
code inside.

Anyway, it looks replacing the current code with the new NSS
code/backend seems a BIG WIN in the long run.

What do people think?

In the meantime, the bug caused by the short read is for real
and acute.

TIA

[1] Bug 1170564 - [META] Failure to deal with short read

[2] The second posting "DBM code too old (Re: mozmill test:
    Hightail ???)", in the newsgroup thread:
    https://groups.google.com/forum/#!topic/mozilla.dev.apps.thunderbird/G5UJxVa17SY
    
[3] The third posting in the above newsgroup thread.

PS: I have created a small patch for DBM code before not knowing the extent of the problem, but I think now it should be ditched and replaced with a new version.
Blocks: 1170564
Blocks: 1170606
Blocks: 1170646
Blocks: 1170668
No longer blocks: 1170668
No longer blocks: 1170606
No longer blocks: 1170646
See Also: → 1170606, 1170646, 1170668
Is there not already a bug about doing sqlite?
I had a brief look around but didn't find one that's open.
Assignee: nobody → nobody
Component: Security → Libraries
Product: Core → NSS
Version: unspecified → trunk

Is there any chance y'all would be interested in replacing dbm with something like LMDB (or possibly Kyoto Cabinet, LevelDB, etc) rather than simply removing it? The problem with SQLite being the only option is that applications integrating NSS that are designed around using dbm might find it prohibitively difficult to migrate to SQLite, and there are a few problems with it in situations that aren't SQL-friendly. Key value databases and relational databases are somewhat different animals.

I completely understand if y'all don't find it feasible to maintain support for two types of databases, but LMDB in particular scales very well, and is what most projects that have moved on from dbm seem to have chosen as a replacement. A high-performance, somewhat dbm-compatible replacement for key-value storage applications would be very welcome.

We might be able to produce some patches for it for our own internal use, but we'd really rather work with upstream on this if possible given that we're concerned there may be security risks involved in trying to configure NSS to use an alternate database downstream.

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Severity: major → --
Severity: -- → S4
Priority: -- → P5

(In reply to Jeremy Andrews from comment #2)

Is there any chance y'all would be interested in replacing dbm with something like LMDB (or possibly Kyoto Cabinet, LevelDB, etc) rather than simply removing it? The problem with SQLite being the only option is that applications integrating NSS that are designed around using dbm might find it prohibitively difficult to migrate to SQLite, and there are a few problems with it in situations that aren't SQL-friendly. Key value databases and relational databases are somewhat different animals.

I completely understand if y'all don't find it feasible to maintain support for two types of databases, but LMDB in particular scales very well, and is what most projects that have moved on from dbm seem to have chosen as a replacement. A high-performance, somewhat dbm-compatible replacement for key-value storage applications would be very welcome.

We might be able to produce some patches for it for our own internal use, but we'd really rather work with upstream on this if possible given that we're concerned there may be security risks involved in trying to configure NSS to use an alternate database downstream.

Obviously I am not the right person to ponder on these topics. Someone in the know re DB ought to make a policy decision for this.

You need to log in before you can comment on or make changes to this bug.