Closed Bug 236193 Opened 22 years ago Closed 22 years ago

Only active Context for compilation

Tracking

(Not tracked)

Status:

RESOLVED FIXED

Milestone:

1.5R5

People

(Reporter: igor, Assigned: igor)

Details

Attachments

(1 file)

Implementation 22 years ago Igor Bukanov 19.07 KB, patch		Details \| Diff \| Splinter Review

Igor Bukanov

Assignee

Description

•

22 years ago

To prevent a security breach when untrusted script calls Interpreter.compile with null for Context argument to construct Script instances without any associated security domain I suggest to change Interpreter and optimizer/Codegen to use only currently entered Context as a source of SecurityController. In addition, the interpreter to drop privileges should use SecurityController that was used during compilation, not the current one in Context, to prevent executing of compiled scripts with different SecurityController implementation or even without it.

Igor Bukanov

Assignee

Updated

•

22 years ago

Assignee: nboyd → igor

Igor Bukanov

Assignee

Comment 1

•

22 years ago

Attached patch Implementation — Details — Splinter Review

Igor Bukanov

Assignee

Comment 2

•

22 years ago

I committed the attchment 142750

Status: NEW → RESOLVED

Closed: 22 years ago

Resolution: --- → FIXED

Igor Bukanov

Assignee

Comment 3

•

21 years ago

Adding proper target milestone

Target Milestone: --- → 1.5R5

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Only active Context for compilation

Categories

(Rhino Graveyard :: Compiler, defect)

Tracking

(Not tracked)

People

(Reporter: igor, Assigned: igor)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Comment 3

Attachment

General

Description

File Name

Content Type