Closed
Bug 1186312
Opened 9 years ago
Closed 9 years ago
Cache API should not accept system principals for child processes
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla42
| Tracking | Status | |
|---|---|---|
| firefox42 | --- | fixed |
People
(Reporter: bkelly, Assigned: dimi)
References
Details
Attachments
(1 file)
|
2.02 KB,
patch
|
bkelly
:
review+
|
Details | Diff | Splinter Review |
Currently Cache API allows child processes to be opened for the system principal. There are no known uses cases for this currently. We should prevent this for now to avoid the case where the system principal is spoofed.
Note, IDB does allow child processes to use the system principal, but that is necessary for a couple specific databases on b2g. We should not replicate this if its not necessary.
Also, this will still allow things like about:serviceworkers to function. Utilities like this are ultimately opening CacheStorage on behalf of a real origin, not the system principal.
|
Reporter | |
Comment 1•9 years ago
|
||
Dimi, do you have any interest in implementing this one since you've been looking at PrincipalVerifier recently? I think its basically adding an "if system principal and aContentParent actor exists" check. If you hit that condition then we know there is a remote child saying it has the system principal and we should return failure.
Flags: needinfo?(dlee)
|
Assignee | |
Comment 2•9 years ago
|
||
(In reply to Ben Kelly [:bkelly] from comment #1)
> Dimi, do you have any interest in implementing this one since you've been
> looking at PrincipalVerifier recently? I think its basically adding an "if
> system principal and aContentParent actor exists" check. If you hit that
> condition then we know there is a remote child saying it has the system
> principal and we should return failure.
No problem, i will take it
Assignee: nobody → dlee
Flags: needinfo?(dlee)
|
|
Assignee | |
Comment 3•9 years ago
|
||
Hi Ben,
Could you suggest a good way to verify this ? thanks!
Attachment #8637794 -
Flags: review?(bkelly)
|
|
Reporter | |
Comment 4•9 years ago
|
||
Comment on attachment 8637794 [details] [diff] [review]
patch v1
Review of attachment 8637794 [details] [diff] [review]:
-----------------------------------------------------------------
Exactly what I was thinking. Thank you!
Unfortunately I'm not sure we can positively test that it blocks spoofing in our automation tests. We should at least verify this doesn't break any existing tests or functionality.
In addition to a try build, can you try the update/unregister buttons on about:serviceworkers in e10s desktop? I don't think those should trigger this, but lets verify.
Attachment #8637794 -
Flags: review?(bkelly) → review+
|
|
Assignee | |
Comment 5•9 years ago
|
||
Try result : https://treeherder.mozilla.org/#/jobs?repo=try&revision=2196ddd752fd
I also test update/unregister buttons on about:serviceworkers in e10s desktop as mentioned in Comment 4, it works fine.
Keywords: checkin-needed
Keywords: checkin-needed
|
||
Comment 7•9 years ago
|
||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•