Closed Bug 1052096 Opened 7 years ago Closed 7 years ago

Hoist CPOWs into the junk scopes of each process


(Core :: JavaScript Engine, defect)

Not set





(Reporter: billm, Assigned: bholley)




(4 files, 1 obsolete file)

Right now, if a CPOW is created in a given compartment, it lives there forever. Whoever else wants it gets a wrapper around it. Bobby pointed out that this is a problem for cross-domain content compartments, where the second compartment won't be able to use the CPOW at all.

We really need to have a separate CPOW in each compartment. This is how other kinds of wrappers work.
Attached patch per-comp-cpows (obsolete) — Splinter Review
I wrote a patch for this and then tried to test it. However, I can't figure out how to get the test to fail without the patch, so I'm not sure how necessary this is.

Basically, we always receive the "initial" CPOW in some chrome compartment. And, whenever we operate on that CPOW, we'll always enter that chrome compartment to do it. Consequently, any new CPOWs derived from the original one will also be created in the same chrome compartment. So I think the "visibility" problem we were worried about, where a CPOW is created in a content compartment and then unusable by other content compartments, can't happen. Maybe I'm missing something though.

Despite all that, it seems better to have this than not to have it, so we might as well do it.
Attachment #8475566 - Flags: review?(bobbyholley)
Oh, one thing this patch doesn't do is to have the PrepareForWrapping hook just make a new CPOW in the new compartment. Let me know if you want that Bobby.
Comment on attachment 8475566 [details] [diff] [review]

Bill and I decided that we should just require and assert that all CPOWs and all CPOW targets live in the junk scopes (privileged in the child, unprivileged in the parent).
Attachment #8475566 - Flags: review?(bobbyholley) → review-
More specifically:

* Parent->Child CPOWs and their targets should live in the privileged junk scope.
* Child->Parent CPOWs should live in the privileged junk scope, and their target should live in the unprivileged junk scope.
Summary: Different compartments should get different CPOWs → Hoist CPOWs into the junk scopes of each process
Taking this, per IRC discussion with billm.
Assignee: wmccloskey → bobbyholley
Blocks: 1065811
Attachment #8488446 - Flags: review?(wmccloskey)
Attachment #8475566 - Attachment is obsolete: true
Attachment #8488443 - Flags: review?(wmccloskey) → review+
Attachment #8488444 - Flags: review?(wmccloskey) → review+
Attachment #8488445 - Flags: review?(wmccloskey) → review+
Comment on attachment 8488446 [details] [diff] [review]
Part 4 - Tests. v1

Review of attachment 8488446 [details] [diff] [review]:

Looks great! Thanks again.
Attachment #8488446 - Flags: review?(wmccloskey) → review+
You need to log in before you can comment on or make changes to this bug.