Closed
Bug 236193
Opened 20 years ago
Closed 20 years ago
Only active Context for compilation
Categories
(Rhino Graveyard :: Compiler, defect)
Rhino Graveyard
Compiler
Tracking
(Not tracked)
RESOLVED
FIXED
1.5R5
People
(Reporter: igor, Assigned: igor)
Details
Attachments
(1 file)
19.07 KB,
patch
|
Details | Diff | Splinter Review |
To prevent a security breach when untrusted script calls Interpreter.compile with null for Context argument to construct Script instances without any associated security domain I suggest to change Interpreter and optimizer/Codegen to use only currently entered Context as a source of SecurityController. In addition, the interpreter to drop privileges should use SecurityController that was used during compilation, not the current one in Context, to prevent executing of compiled scripts with different SecurityController implementation or even without it.
Assignee | ||
Updated•20 years ago
|
Assignee: nboyd → igor
Assignee | ||
Comment 1•20 years ago
|
||
Assignee | ||
Comment 2•20 years ago
|
||
I committed the attchment 142750
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•