Closed Bug 236193 Opened 20 years ago Closed 20 years ago

Only active Context for compilation

Categories

(Rhino Graveyard :: Compiler, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: igor, Assigned: igor)

Details

Attachments

(1 file)

To prevent a security breach when an untrusted script calls Interpreter.compile
with null for the Context argument to construct Script instances without any
associated security domain, I suggest changing Interpreter and optimizer/Codegen
to use only the currently entered Context as a source of SecurityController.

In addition, to drop privileges the interpreter should use the SecurityController
that was used during compilation, not the current one in Context, to prevent
execution of compiled scripts with a different SecurityController implementation
or even without it.
Assignee: nboyd → igor
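
A simplified model of the two changes proposed above, added here as an illustration. It is not Rhino source or the attached patch, and every class and method name in it (`Ctx`, `Controller`, `CompiledScript`, `compile`) is hypothetical.

```java
import java.util.function.Supplier;

// Simplified model of the proposal; not Rhino code. All names are hypothetical.
public class CompileTimeControllerDemo {
    /** Stand-in for a security controller: runs a body with reduced privileges. */
    interface Controller { String runRestricted(Object domain, Supplier<String> body); }

    /** Stand-in for the per-thread context an embedder enters before using the engine. */
    static final class Ctx {
        private static final ThreadLocal<Ctx> CURRENT = new ThreadLocal<>();
        final Controller controller;
        Ctx(Controller controller) { this.controller = controller; }
        static void enter(Ctx cx) { CURRENT.set(cx); }
        static void exit() { CURRENT.remove(); }
        static Ctx current() {
            Ctx cx = CURRENT.get();
            if (cx == null) throw new IllegalStateException("no Context entered on this thread");
            return cx;
        }
    }

    /** Compiled script that remembers the controller and domain it was compiled under. */
    static final class CompiledScript {
        private final Controller controller;
        private final Object domain;
        private final Supplier<String> body;
        CompiledScript(Controller c, Object d, Supplier<String> b) { controller = c; domain = d; body = b; }
        /** Drops privileges with the compile-time controller, never the caller's current one. */
        String exec() { return controller.runRestricted(domain, body); }
    }

    /** No context parameter, so a caller cannot pass null to avoid the controller. */
    static CompiledScript compile(Supplier<String> body, Object domain) {
        return new CompiledScript(Ctx.current().controller, domain, body);
    }

    public static void main(String[] args) {
        Controller sandbox = (d, b) -> "[restricted to " + d + "] " + b.get();
        Controller permissive = (d, b) -> "[unrestricted] " + b.get();

        Ctx.enter(new Ctx(sandbox));          // constructed sample setup
        CompiledScript s = compile(() -> "script ran", "untrusted-domain");
        Ctx.exit();

        Ctx.enter(new Ctx(permissive));       // a different controller is current at run time
        System.out.println(s.exec());         // still goes through the sandbox controller
        Ctx.exit();
    }
}
```
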
Attached patch: Implementation
I committed the attachment 142750
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Adding proper target milestone
Target Milestone: --- → 1.5R5