Remove "trusted codebase" mechanism

VERIFIED FIXED in mozilla1.0



17 years ago
17 years ago


(Reporter: Mitchell Stoltz (not reading bugmail), Assigned: Mitchell Stoltz (not reading bugmail))



Firefox Tracking Flags

(Not tracked)



(1 attachment, 1 obsolete attachment)

30.86 KB, patch
Mitchell Stoltz (not reading bugmail)
: review+
Mitchell Stoltz (not reading bugmail)
: superreview+
Details | Diff | Splinter Review
In November I added a mechanism for allowing unsigned content to enable
privileges without enabling codebase principals generally. This isn't really a
safe thing to do - it means we're trusting DNS to verify the identity of a
remote site, and DNS isn't meant to be a secure verification of identity. This
feature was checked in as a temporary measure, and I'd like to remove it now so
as to encourace the use of more secure methods (signed scripts).


17 years ago
Target Milestone: --- → mozilla1.0

Comment 1

17 years ago
Created attachment 74465 [details] [diff] [review]
Patch - also includes some other fixes

Here's a fix for this bug, and these others:
128861, 131342, 131340, 128697.


17 years ago
Keywords: patch
Whiteboard: needs review and a=
replace |new PLDHashTable()| with PL_NewHashTable() and call
PL_DHashTableDestroy() to destroy a pldhash in stead of deleting it.

+                    if (myScheme.Equals("http"))
+                        defaultPort = 80;

What about "https"?

+NS_NAMED_LITERAL_CSTRING(sPolicyPrefix, "capability.policy.");

Make this static.

With that, sr=jst

Comment 3

17 years ago
Comment on attachment 74465 [details] [diff] [review]
Patch - also includes some other fixes

>@@ -403,6 +408,7 @@
>     PRBool mIsWritingPrefs;
>     nsCOMPtr<nsIThreadJSContextStack> mJSContextStack;
>     PRBool mNameSetRegistered;
>+    PRBool mPolicyPrefsChanged;
> };
Can you replace PRBool with PRPackedBool?

>+    nsCOMPtr<nsIURI> myBaseURI(mURI);
>+    while((jarURI = do_QueryInterface(myBaseURI)))
>+    {
>+        jarURI->GetJARFile(getter_AddRefs(myBaseURI));
>+    }

Are you sure myBaseURI will always be a valid memory? If yes then please add
a comment supporting that.

>+                        nsCOMPtr<nsIIOService> ioService(
>+                            do_GetService(NS_IOSERVICE_CONTRACTID));
>+                        if (!ioService)
>+                            return rv;

What is rv here? Shouldn't this be do_GetService(NS_IOSERVICE_CONTRACTID,
&rv)); or something
like that?

Comment 4

17 years ago
>+        else if (otherScheme.Equals("imap")    ||
             otherScheme.Equals("mailbox") ||
>+                 otherScheme.Equals("news"))

Correct the indendation.

Comment 5

17 years ago
Created attachment 74865 [details] [diff] [review]
Patch 2, with changes

This incorporates the above comments.
Attachment #74465 - Attachment is obsolete: true

Comment 6

17 years ago
Comment on attachment 74865 [details] [diff] [review]
Patch 2, with changes

With those changes, I'm going to assume I have r and sr.
Attachment #74865 - Flags: superreview+
Attachment #74865 - Flags: review+

Comment 7

17 years ago
Comment on attachment 74865 [details] [diff] [review]
Patch 2, with changes

a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #74865 - Flags: approval+

Comment 8

17 years ago
Checked in on trunk. Would like to check this into the 0.9.9 branch too.
Whiteboard: needs review and a= → fixed on trunk, need 0.9.9

Comment 9

17 years ago
Never mind, fix for 0.9.9 is not needed. Marking fixed.
Last Resolved: 17 years ago
Resolution: --- → FIXED
Whiteboard: fixed on trunk, need 0.9.9

Comment 10

17 years ago
Marking verified as per above developer comments.
You need to log in before you can comment on or make changes to this bug.