[mac os x] nntp root stored raw path in prefs

RESOLVED INVALID

Status

MailNews Core
Networking: NNTP
RESOLVED INVALID
15 years ago
8 years ago

People

(Reporter: Joseph Delaney, Unassigned)

Tracking

Trunk
PowerPC
Mac OS X

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4b) Gecko/20030423
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4b) Gecko/20030423

Browsing in the "about:config" list reveals that all the path names to
directories are encrypted, with the exception of "mail.news_rc.root" which list
the full path including the ".slt" directory. 

Since the encryption is meant to hide the location of the .slt directory in
order to head off hacks and security holes, this looks like a potential problem
to me. 

Reproducible: Always

Steps to Reproduce:
1. Type "about:config" in the location bar
2. Scroll down to mail.news_rc.root


Actual Results:  
The secret directory is revealed in plain text.

Comment 1

15 years ago
There are actually quite a few mail prefs that show the complete path.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Are they really encryped? I see a cache pref and download dir prefs in plain
text, among with some others. What do you see, and how do you tell things are
encrypted?
(Reporter)

Comment 3

15 years ago
My download dir is listed as a long string beginning with six "A"s and ending with:

za3RvcC9Eb3dubG9hZHMAABMAAS8A//8AAA==

It looks nothing like a path. I'm not *certain* that it is encrypted, but it
certainly not plain text and since that seems like a hugely good idea I assumed
that was the  case. I do use Mozilla's password manager and have the encryption
turned on in those settings, if that makes any difference here.

I'm on another Mac right now that has Mozilla 2003042708, and in this case
almost all of the paths are in the above assumed-encrypted form, including 
mail.news_rc.root. The only other paths that I can see in plain text have mostly
predictable path names, like "/Applications/Mozilla.app/", but there are a few
where I can see the name of my hard drive and user directory without the .slt
directory (for example, editor.history_url_1 =
file:///Olympus/Users/jpd/Desktop/test.html ) which is not as bad, but shouldn't
it be consistent?

Comment 4

15 years ago
That's not encryption, that's a Mac OS file ref thing.
It *probably* means that the patch is not as portable as the others.
Assignee: mstoltz → sspitzer
Group: security
Component: Security: General → Networking: News
QA Contact: junruh → stephend
Summary: nntp root not encrypted in prefs, potentially exposing ".slt" directory? → [mac os x] nntp root stored raw path in prefs
If this bug is about being able to see the .slt directory name from
about:config, that's no bug. about:config can only be viewed by the user, and
the user can find that directory in her file system anyway.

If you have found a way for a remote attacker or malicious website to discover
the .slt directory name, or if I have misunderstood the problem, please let me know.
Product: MailNews → Core
sorry for the spam.  making bugzilla reflect reality as I'm not working on these bugs.  filter on FOOBARCHEESE to remove these in bulk.
Assignee: sspitzer → nobody
Filter on "Nobody_NScomTLD_20080620"
QA Contact: stephend → networking.news
(Assignee)

Updated

10 years ago
Product: Core → MailNews Core
The .root-rel pref has been added which renders this bug invalid.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.