Closed
Bug 211804
Opened 22 years ago
Closed 5 years ago
mail should use rdf delegates instead of resource factories
Categories
(MailNews Core :: Backend, defect)
MailNews Core
Backend
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: axel, Unassigned)
References
Details
(Keywords: sec-moderate, Whiteboard: [sg:moderate])
Attachments
(2 files)
|
438.96 KB,
patch
|
Details | Diff | Splinter Review | |
|
420.78 KB,
patch
|
Details | Diff | Splinter Review |
Mail makes use of resource factories which cause trouble with remote rdf content
(you can easily create any resource with a tree and a rdf file).
I have at least found the mailfolders to work via resource factories.
It should use delegates to bind data to resources instead.
|
||
Comment 1•22 years ago
|
||
axel, can you elaborate on how this is a securty-sensitive bug?
|
Reporter | |
Comment 3•22 years ago
|
||
Any webpage can create any resource. So any resource implementation that is
around needs to be security checked.
I didn't find any obvious security or privacy issues in the impls in mailnews,
though I'm not 100% sure about it, esp about the things that involve outlook.
I wouldn't claim to have done a real security review on these resource impls
and their use, though.
One example exploit would be if one could spoof the existence of addressbooks or
entries by trying to get to that resource in a remote foo.rdf file. If the
assertion isn't there, you don't have it. Or something like that.
This is more about potential security problems than about a known attack. If
this is enough to have this have the box checked or not, is up to others. I was
asked to check the box, so I did. Better safe than sorry.
|
||
Comment 4•21 years ago
|
||
Have patch.
Assignee: mscott → bsmedberg
Priority: -- → P1
QA Contact: esther → mscott
Target Milestone: --- → mozilla1.8alpha
|
|
||
Comment 5•21 years ago
|
||
This is a freakishly large patch that makes very few real changes. The only
real changes are
1) I decontaminated the process of constructing mailnews folder
implementations. Instead of calling createInstance in the component manager, we
just #include the proper header and create one. There's lots more of the
decontamination work that could be done.
2) Since the reference model used by existing RDF delegates was guaranteed to
cause circular references in some cases, I had to define the model more
carefully. This means that the weak-reference model is now used by search
delegates.
|
|
||
Comment 6•21 years ago
|
||
Comment on attachment 148373 [details] [diff] [review]
Use delegates instead of resources
Scott, I don't know whether you or David would be better reviewing this, so
I'll let you two vie for such pleasant duty.
Attachment #148373 -
Flags: superreview?(mscott)
Attachment #148373 -
Flags: review?(mscott)
|
|
||
Comment 7•21 years ago
|
||
Seth might have some interest in this...
a -uw diff would make the diff a little smaller, remove the whitespace-only changes.
|
|
||
Comment 9•21 years ago
|
||
Same thing, diff -w
Just a note, this patch depends on bug 211801 (and needs to land with that
patch). Also, I need to do a CVS-copy:
from mailnews/addrbook/src/nsAbDirectoryRDFResource.h/cpp
to mailnews/addrbook/src/nsAbDirectoryRDFDelegate.h/cpp
If you want to test this patch, you can make symlinks in your local tree from
the old location to the new one.
|
||
Comment 10•21 years ago
|
||
Apart from leaving some debugging stuff in the patch, I noticed that bsmedberg
started trying to integrate some cleanup into the patch, but gave up, because it
was making the patch too big. I'd like to be able to believe that a followup
patch to finish off the cleanup would get reviewed...
|
||
Updated•21 years ago
|
Product: MailNews → Core
|
|
||
Updated•20 years ago
|
Priority: P1 → P3
Target Milestone: mozilla1.8alpha1 → mozilla1.9alpha
|
|
||
Comment 11•20 years ago
|
||
Comment on attachment 148373 [details] [diff] [review]
Use delegates instead of resources
This has thoroughly rotted: I'm going to need a different approach that doesn't
rot quite so quickly.
Attachment #148373 -
Flags: superreview?(mscott)
Attachment #148373 -
Flags: review?(mscott)
|
||
Updated•19 years ago
|
Whiteboard: [sg:investigate]
|
||
Comment 13•18 years ago
|
||
Adding jminta to the CC list, as he is working on kill-RDF.
|
Assignee | |
Updated•17 years ago
|
Product: Core → MailNews Core
|
|
||
Updated•14 years ago
|
Whiteboard: [sg:investigate] → [sg:moderate]
|
|
||
Comment 14•14 years ago
|
||
We think we're more likely to make progress on this issue if the bug is open, and the threat seems fairly vague for mail folders.
Group: core-security
|
|
||
Comment 15•14 years ago
|
||
Given how large and invasive the attempted patch was and the fact that we want to remove RDF anyways, it's probably a better use of time to work on de-RDF instead.
|
|
||
Updated•13 years ago
|
Keywords: sec-moderate
|
||
Comment 16•10 years ago
|
||
Removing myslef on all the bugs I'm cced on. Please NI me if you need something on MailNews Core bugs from me.
|
||
Comment 17•10 years ago
|
||
(In reply to Joshua Cranmer [:jcranmer] from comment #15)
> Given how large and invasive the attempted patch was and the fact that we
> want to remove RDF anyways, it's probably a better use of time to work on
> de-RDF instead.
indeed
|
||
Comment 18•5 years ago
|
||
de-RDF took care of this.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•