Closed Bug 1220223 Opened 9 years ago Closed 9 years ago

don't load PKCS11 modules in safe mode

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

Attachments

(1 file)

Buggy PKCS11 modules can cause problems for Firefox (e.g. crashes - this may be what's going on in bug 1164826). If started in safe mode, Firefox shouldn't load these modules.
Assignee: nobody → dkeeler
bug 1220223 - don't load PKCS11 modules in safe mode
Attachment #8682821 - Flags: review?(mgoodwin)
Attachment #8682821 - Flags: review?(benjamin)
:bsmedberg - the review request is mainly to make sure I did the inSafeMode check correctly and that there aren't any gotchas there. Thanks!
Attachment #8682821 - Flags: review?(mgoodwin) → review+
Comment on attachment 8682821 [details] MozReview Request: bug 1220223 - don't load PKCS11 modules in safe mode https://reviewboard.mozilla.org/r/24157/#review21651 Looks good. ::: security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js:14 (Diff revision 1) > +// Registers an nsIXULRuntime so the test can control whether or not the Is there a reason you don't want this to be an nsIXULAppInfo? If not, there's at least one other place (test_cert_blocklist.js) where we use an nsIXULAppInfo (which implements nsIXULRuntime) and there will likely be others in the future. Could we create registerAppInfo in head_psm.js and use that instead? Obviously no issue if not.
Comment on attachment 8682821 [details] MozReview Request: bug 1220223 - don't load PKCS11 modules in safe mode https://reviewboard.mozilla.org/r/24157/#review21707 ::: security/manager/ssl/nsNSSComponent.cpp:1027 (Diff revision 1) > + if (!runtime) { I don't think this check is "safe". XUL apps have a nsIXULRuntime, but other contexts (xpcshell certainly, probably some other unit tests, and some weird embedded situations) aren't going to have one. This should probably fail-closed (don't load external PKCS modules) but shouldn't fail completely.
Attachment #8682821 - Flags: review?(benjamin)
Attachment #8682821 - Flags: review-
Comment on attachment 8682821 [details] MozReview Request: bug 1220223 - don't load PKCS11 modules in safe mode Review request updated; see interdiff: https://reviewboard.mozilla.org/r/24157/diff/1-2/
Attachment #8682821 - Flags: review- → review?(benjamin)
Hmmm. reviewboard seems to have eaten my replies. I'll reproduce them here: (In reply to Mark Goodwin [:mgoodwin] from comment #3) > Comment on attachment 8682821 [details] > MozReview Request: bug 1220223 - don't load PKCS11 modules in safe mode > > https://reviewboard.mozilla.org/r/24157/#review21651 > > Looks good. > > ::: security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js:14 > (Diff revision 1) > > +// Registers an nsIXULRuntime so the test can control whether or not the > > Is there a reason you don't want this to be an nsIXULAppInfo? If not, > there's at least one other place (test_cert_blocklist.js) where we use an > nsIXULAppInfo (which implements nsIXULRuntime) and there will likely be > others in the future. Could we create registerAppInfo in head_psm.js and use > that instead? > > Obviously no issue if not. That's what I tried originally. This resulted in a mismatch due to the nsIXULAppInfo being registered under "@mozilla.org/xre/app-info;1", whereas nsNSSComponent gets an nsIXULRuntime from "@mozilla.org/xre/runtime;1". I could change the latter, but while it does appear that some nsIXULRuntime instances are obtained from "app-info", most are from "runtime", so I thought it good to be as consistent as possible there. (In reply to Benjamin Smedberg [:bsmedberg] from comment #4) > Comment on attachment 8682821 [details] > MozReview Request: bug 1220223 - don't load PKCS11 modules in safe mode > > https://reviewboard.mozilla.org/r/24157/#review21707 > > ::: security/manager/ssl/nsNSSComponent.cpp:1027 > (Diff revision 1) > > + if (!runtime) { > > I don't think this check is "safe". XUL apps have a nsIXULRuntime, but other > contexts (xpcshell certainly, probably some other unit tests, and some weird > embedded situations) aren't going to have one. This should probably > fail-closed (don't load external PKCS modules) but shouldn't fail completely. OK - sounds like a plan.
Comment on attachment 8682821 [details] MozReview Request: bug 1220223 - don't load PKCS11 modules in safe mode https://reviewboard.mozilla.org/r/24157/#review22075
Attachment #8682821 - Flags: review?(benjamin) → review+
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: