Closed
Bug 1260907
Opened 8 years ago
Closed 8 years ago
nsGlobalWindow needs to handle user context id correctly.
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: huseby, Assigned: jhao)
References
Details
(Whiteboard: [userContextId][OA][domsecurity-active])
In nsGlobalWindow.cpp there is a call to createCodebasePrincipal here: https://mxr.mozilla.org/mozilla-central/source/dom/base/nsGlobalWindow.cpp#8035 It appears that this code is doing the right thing. It is passing the origin attributes from the top level windows into the principal that is being created. We need to analyze how the newly created principal is used. Is it being use to isolate browser state in any way? If it is, do we want to isolate on user context id?
Reporter | ||
Updated•8 years ago
|
Component: DOM → DOM: Security
(In reply to Dave Huseby [:huseby] from comment #0) > Is it being use to isolate browser state in any way? If it is, do we want > to isolate on user context id? Bug 1249224 already sets the userContextId which got from subject priciapl on the new window. Is this what you want?
Reporter | ||
Updated•8 years ago
|
Whiteboard: [userContextId] → [userContextId][OA]
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → jhao
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•8 years ago
|
||
(In reply to Dave Huseby [:huseby] from comment #0) > In nsGlobalWindow.cpp there is a call to createCodebasePrincipal here: > > https://mxr.mozilla.org/mozilla-central/source/dom/base/nsGlobalWindow. > cpp#8035 > > It appears that this code is doing the right thing. It is passing the > origin attributes from the top level windows into the principal that is > being created. We need to analyze how the newly created principal is used. > Is it being use to isolate browser state in any way? If it is, do we want > to isolate on user context id? The newly created principal is used to create a PostMessageEvent[1]. It becomes that event's member mProvidedPrincipal and is only used once. This code[2] checks if mProvidedPrincipal matches the target window's principal. Since as Yoshi said, the userContextIds are set in subject principal, windows with different userContextId won't be able to communicate to each other by postMessage. I think that's exactly what we want, because if windows with different userContextIds can communicate by postMessage, the user's privacy will be compromised. I'm thinking about closing this bug, but I'm not sure if we need a test to ensure the correct behavior.
Assignee | ||
Comment 3•8 years ago
|
||
(In reply to Jonathan Hao [:jhao] from comment #2) > The newly created principal is used to create a PostMessageEvent[1]. It > becomes that event's member mProvidedPrincipal and is only used once. This > code[2] checks if mProvidedPrincipal matches the target window's principal. > Since as Yoshi said, the userContextIds are set in subject principal, > windows with different userContextId won't be able to communicate to each > other by postMessage. I think that's exactly what we want, because if > windows with different userContextIds can communicate by postMessage, the > user's privacy will be compromised. > > I'm thinking about closing this bug, but I'm not sure if we need a test to > ensure the correct behavior. [1] https://dxr.mozilla.org/mozilla-central/source/dom/base/nsGlobalWindow.cpp?from=nsGlobalWindow.cpp#8076 [2] https://dxr.mozilla.org/mozilla-central/source/dom/base/PostMessageEvent.cpp#107
Updated•8 years ago
|
Whiteboard: [userContextId][OA] → [userContextId][OA][domsecurity-active]
Assignee | ||
Comment 4•8 years ago
|
||
I talked to baku. He said that you can only get another window's reference by either window.open() or if it's an iframe inside. In either case, the other window will be in the same user context, so there should never be a case when we can do window-to-window postMessage to another window in a different user context. So, there's no need to write a test for it. I did write a test and almost finished but later realized I was testing BroadcastChannel's postMessage. So, I opened bug 1268803 and intend to put my patch there.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Comment 5•8 years ago
|
||
(In reply to Jonathan Hao [:jhao] from comment #4) > I did write a test and almost finished but later realized I was testing > BroadcastChannel's postMessage. So, I opened bug 1268803 and intend to put > my patch there. Thanks for clarifying this. Good job!
You need to log in
before you can comment on or make changes to this bug.
Description
•