Closed Bug 240668 Opened 21 years ago Closed 20 years ago

JAR signature certs should not be stored in certificate store

Categories

(Core Graveyard :: Security: UI, defect)

Other Branch
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

Attachments

(1 file)

BUILD: 2004-04-10-08 Mozilla.org Linux nightly STEPS TO REPRODUCE: 1) Load https://secure.arcamax.com/moztest/amirootca.cacert 2) Accept that CA cert and allow it to sign software 3) Load https://secure.arcamax.com/moztest/moztest2.jar (may not stick around for long). 4) Deny the privilege request (this part is not actually relevant to the bug, but it's safer this way). 5) Go to Edit > Preferences > Privacy and Security > Certificates 6) Click "Manage Certificates" 7) Switch to "Web Sites" tab in the dialog 8) Look for certificates under "arcamax.com" EXPECTED RESULTS: nothing there ACTUAL RESULTS: the certificate used to sign the jar is present The problem seems to be that nsNSSComponent::VerifySignature passes PR_TRUE for the "keepcerts" argument of SEC_PKCS7VerifyDetachedSignature. The only users of this function are nsJAR, the CertReader in xpinstall, and nsJVMManager::IsAppletTrusted. So we should either be passing PR_FALSE or push the decision up to the callers of the nsISignatureVerifier interface (and change those three callers to pass PR_FALSE).
Assignee: kaie → nobody
So... I'm willing to do the work of fixing this bug if someone who can claim to be an owner for the NSS interfaces actually tells me what the nsISignatureVerifier interface is supposed to represent (and hence which of the two proposed solutions would be preferable).
I've only ever made use of nsISignatureVerifier to compute an MD5 hash. Unfortunately, the verifySignature method is not documented :( It'd be nice if mstoltz or ddrinan were still around since they have CVS blame for that interface.
Are the "expected" and "actual" results switched in the description above? This bug seems to complain tht the certs are not listed among the stored certs, yet the proposed fix seems to have the opposite effect, of ensuring that they will not be stored. So, it's not clear to me what the real problem is, and what fix is really desired. In general, applications that verify signatures on various random signed things should not be routinely adding the signature-verification certs which accompany those signatures to the local cert store. Email is one of the few exceptions, and in that case, only encryption certs, not signature certs should be added. Can someone here please add a comment with an LXR URL for the code that is calling the PKCS7 API with keepcerts == true? Also, the old PKCS7 API was superseded long ago with the new CMS API, which (IINM) is now used for email. If the cited instance is one of the last remaining calls to the old deprecated PKCS7 API, perhaps now is the time to complete the conversion to the new API.
> Are the "expected" and "actual" results switched in the description above? No. > This bug seems to complain tht the certs are not listed No, the bug complains that they _are_ listed. The problem is that random certificates that are used to sign code are automatically added to the certificate store. When I pointed this out to you back in April, you said that was wrong and that I should file a bug. This is that bug. > Can someone here please add a comment with an LXR URL http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/ssl/src/nsNSSComponent.cpp&rev=1.118#1438
Oh, and I'll look into switching to the new API; whether we do that or not doesn't affect the question of whether VerifySignature() should let the caller decide whethe to store the signing cert, or whether it should unconditionally not store it.
IMO, none of the 3 uses of this function documented above (nsJAR, the CertReader in xpinstall, and nsJVMManager::IsAppletTrusted) should be "keeping" the certs they decode from the signatures. So, you could just change the keepcerts argument to false. If you anticipate that this function will someday be used for applications like email, which frequently convey both signing certs and encrytpion certs, with the expectation of receiving an encrypted reply, then you might choose to burden the callers with deciding whether or not to keep the certs.
Attached patch PatchSplinter Review
Fix for this bug. I'll file a separate bug on switching to the CMS api; it's not immediately clear to me how to map the SEC_PKCS7DecryptionAllowedCallback arg into it....
Attachment #174387 - Flags: superreview?(shaver)
Attachment #174387 - Flags: review?(jgmyers)
Comment on attachment 174387 [details] [diff] [review] Patch sr=shaver, but why the rewrapping?
Attachment #174387 - Flags: superreview?(shaver) → superreview+
Hmm... it was being too wide for my editor, but that seems to be set at 79 chars. I'll undo that before landing.
Comment on attachment 174387 [details] [diff] [review] Patch I agree with what Nelson said in the second paragraph of comment 3. Wrapping lines longer than 80 characters is fine.
Attachment #174387 - Flags: review?(jgmyers) → review+
Bug 283099 filed on the switch to CMS.
Assignee: nobody → bzbarsky
Fixed on trunk for 1.8b2.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: