339853 - [1.8branch] nsIJMVManager method returns non-scriptable nsIPrincipal

Status: RESOLVED FIXED

(Core :: Security: CAPS, defect)

Description

[jhp (no longer active)]

One of the methods for the scriptable interface nsIJVMManager uses the interface nsIPrincipal.  This is not a problem on the trunk, since nsIPrincipal is also scriptable.  However, on the 1.8 branch it is not, and that is causing problems with my JavaXPCOM work (see bug 337723).

There are several solutions/workarounds to this problem:
(1) Backport the changes to nsIPrincipal.idl from bug 327242 (but not the changes to nsIScriptSecurityManager.idl).  This patch made nsIPrincipal scriptable, but kept most of its methods [noscript].
(2) Add [noscript] to the relevant method (isAppletTrusted) in the nsIJVMManager interface.
(3) Hack the Java side of xpidl to ignore the nsIJVMManager interface and not write anything out.  It doesn't look like this interface would be very useful to a Java embedder;  except maybe for showJavaConsole().
(4) Hack xpidl write out a 'dummy' nsIPrincipal.java file, which would only have the IID, but no methods/attributes.  This would be enough to allow javac to compile nsIJVMManager.java properly.

As has been argued on bug 337723, I prefer solution (1).  But bz says there may be security implications to this change.  So given that, I think solution (2) is best.  What do you guys think?

Comment 1

[jhp (no longer active)]

Attachment: patch

Solution (2).

Comment 2

[Boris Zbarsky [:bzbarsky]]

> But bz says there may be security implications to this change.

s/may be/are/  ;)

I think solution 2 is the way to go.

Comment 3

[jhp (no longer active)]

Crap, just checked this in to the 1.8 branch, and noticed that I was still waiting for bsmedberg's review.  Well, bz's review should hopefully be enough.  ->FIXED