Closed Bug 131025 Opened 22 years ago Closed 22 years ago

Remove "trusted codebase" mechanism

Categories

(Core :: Security, defect)

VERIFIED FIXED
mozilla1.0

People

(Reporter: security-bugs, Assigned: security-bugs)

Attachments

(1 file, 1 obsolete file)

In November I added a mechanism for allowing unsigned content to enable
privileges without enabling codebase principals generally. This isn't really a
safe thing to do - it means we're trusting DNS to verify the identity of a
remote site, and DNS isn't meant to be a secure verification of identity. This
feature was checked in as a temporary measure, and I'd like to remove it now so
as to encourage the use of more secure methods (signed scripts).
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Here's a fix for this bug, and these others:
128861, 131342, 131340, 128697.
Keywords: patch
Whiteboard: needs review and a=
Replace |new PLDHashTable()| with PL_NewHashTable() and call
PL_DHashTableDestroy() to destroy a pldhash instead of deleting it.

+                    if (myScheme.Equals("http"))
+                        defaultPort = 80;

What about "https"?

+NS_NAMED_LITERAL_CSTRING(sPolicyPrefix, "capability.policy.");

Make this static.

With that, sr=jst
Comment on attachment 74465 [details] [diff] [review]
Patch - also includes some other fixes

>@@ -403,6 +408,7 @@
>     PRBool mIsWritingPrefs;
>     nsCOMPtr<nsIThreadJSContextStack> mJSContextStack;
>     PRBool mNameSetRegistered;
>+    PRBool mPolicyPrefsChanged;
> };
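
Review bot: The new `mPolicyPrefsChanged` member is declared without a comment, and nothing in this hunk shows where it gets its initial value. Add a short comment next to the declaration saying what sets and clears the flag, and make sure the constructor initializes it along with `mIsWritingPrefs` and `mNameSetRegistered`, so that the first read of the flag is well defined.
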
Can you replace PRBool with PRPackedBool?


>+    nsCOMPtr<nsIURI> myBaseURI(mURI);
>+    while((jarURI = do_QueryInterface(myBaseURI)))
>+    {
>+        jarURI->GetJARFile(getter_AddRefs(myBaseURI));
>+    }
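
Review bot: The return value of `jarURI->GetJARFile(getter_AddRefs(myBaseURI))` in the loop body is discarded, so a failing call can leave `myBaseURI` null when the loop exits. Capture the nsresult and return on failure, and null-check `myBaseURI` after the loop before anything derives an origin from it.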

Are you sure myBaseURI will always be valid memory? If yes, then please add
a comment supporting that.

>+                        nsCOMPtr<nsIIOService> ioService(
>+                            do_GetService(NS_IOSERVICE_CONTRACTID));
>+                        if (!ioService)
>+                            return rv;

What is rv here? Shouldn't this be do_GetService(NS_IOSERVICE_CONTRACTID,
&rv)); or something like that?

>+        else if (otherScheme.Equals("imap")    ||
>+
             otherScheme.Equals("mailbox") ||
>+                 otherScheme.Equals("news"))

Correct the indentation.
This incorporates the above comments.
Attachment #74465 - Attachment is obsolete: true
Comment on attachment 74865 [details] [diff] [review]
Patch 2, with changes

With those changes, I'm going to assume I have r and sr.
Attachment #74865 - Flags: superreview+
Attachment #74865 - Flags: review+
Comment on attachment 74865 [details] [diff] [review]
Patch 2, with changes

a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #74865 - Flags: approval+
Checked in on trunk. Would like to check this into the 0.9.9 branch too.
Whiteboard: needs review and a= → fixed on trunk, need 0.9.9
Never mind, fix for 0.9.9 is not needed. Marking fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Whiteboard: fixed on trunk, need 0.9.9
Marking verified as per above developer comments.
Status: RESOLVED → VERIFIED