Remove "trusted codebase" mechanism

VERIFIED FIXED in mozilla1.0

Status

()

Core
Security
VERIFIED FIXED
17 years ago
17 years ago

People

(Reporter: Mitchell Stoltz (not reading bugmail), Assigned: Mitchell Stoltz (not reading bugmail))

Tracking

Trunk
mozilla1.0
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

30.86 KB, patch
Mitchell Stoltz (not reading bugmail)
: review+
Mitchell Stoltz (not reading bugmail)
: superreview+
Details | Diff | Splinter Review
In November I added a mechanism for allowing unsigned content to enable
privileges without enabling codebase principals generally. This isn't really a
safe thing to do - it means we're trusting DNS to verify the identity of a
remote site, and DNS isn't meant to be a secure verification of identity. This
feature was checked in as a temporary measure, and I'd like to remove it now so
as to encourace the use of more secure methods (signed scripts).
(Assignee)

Updated

17 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
(Assignee)

Comment 1

17 years ago
Created attachment 74465 [details] [diff] [review]
Patch - also includes some other fixes

Here's a fix for this bug, and these others:
128861, 131342, 131340, 128697.
(Assignee)

Updated

17 years ago
Keywords: patch
Whiteboard: needs review and a=
replace |new PLDHashTable()| with PL_NewHashTable() and call
PL_DHashTableDestroy() to destroy a pldhash in stead of deleting it.

+                    if (myScheme.Equals("http"))
+                        defaultPort = 80;

What about "https"?

+NS_NAMED_LITERAL_CSTRING(sPolicyPrefix, "capability.policy.");

Make this static.

With that, sr=jst

Comment 3

17 years ago
Comment on attachment 74465 [details] [diff] [review]
Patch - also includes some other fixes

>@@ -403,6 +408,7 @@
>     PRBool mIsWritingPrefs;
>     nsCOMPtr<nsIThreadJSContextStack> mJSContextStack;
>     PRBool mNameSetRegistered;
>+    PRBool mPolicyPrefsChanged;
> };
Can you replace PRBool with PRPackedBool?


>+    nsCOMPtr<nsIURI> myBaseURI(mURI);
>+    while((jarURI = do_QueryInterface(myBaseURI)))
>+    {
>+        jarURI->GetJARFile(getter_AddRefs(myBaseURI));
>+    }

Are you sure myBaseURI will always be a valid memory? If yes then please add
a comment supporting that.

>+                        nsCOMPtr<nsIIOService> ioService(
>+                            do_GetService(NS_IOSERVICE_CONTRACTID));
>+                        if (!ioService)
>+                            return rv;

What is rv here? Shouldn't this be do_GetService(NS_IOSERVICE_CONTRACTID,
&rv)); or something
like that?

Comment 4

17 years ago
>+        else if (otherScheme.Equals("imap")    ||
>+
             otherScheme.Equals("mailbox") ||
>+                 otherScheme.Equals("news"))

Correct the indendation.
(Assignee)

Comment 5

17 years ago
Created attachment 74865 [details] [diff] [review]
Patch 2, with changes

This incorporates the above comments.
Attachment #74465 - Attachment is obsolete: true
(Assignee)

Comment 6

17 years ago
Comment on attachment 74865 [details] [diff] [review]
Patch 2, with changes

With those changes, I'm going to assume I have r and sr.
Attachment #74865 - Flags: superreview+
Attachment #74865 - Flags: review+

Comment 7

17 years ago
Comment on attachment 74865 [details] [diff] [review]
Patch 2, with changes

a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #74865 - Flags: approval+
(Assignee)

Comment 8

17 years ago
Checked in on trunk. Would like to check this into the 0.9.9 branch too.
Whiteboard: needs review and a= → fixed on trunk, need 0.9.9
(Assignee)

Comment 9

17 years ago
Never mind, fix for 0.9.9 is not needed. Marking fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
Whiteboard: fixed on trunk, need 0.9.9

Comment 10

17 years ago
Marking verified as per above developer comments.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.