Closed
Bug 40159
Opened 25 years ago
Closed 25 years ago
Remembering UniversalXPConnect decision causes future seg faults
Categories
(Core :: Security, defect, P3)
VERIFIED
FIXED
M17
People
(Reporter: dan, Assigned: security-bugs)
Details
(Keywords: crash, Whiteboard: [nsbeta2+] ETA 7/25 - Fix in hand.)
Attachments
(2 files)
Created a XUL file as such (/home/dan/test.xul):
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
<window title="test"
xmlns:html="http://www.w3.org/TR/REC-html40"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script language="javascript">
<![CDATA[
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
const vFilePicker = Components.interfaces.nsIFilePicker;
]]>
</script>
<text value="Got Here"/>
</window>
--- end file
Ran mozilla as such:
./mozilla -P default -chrome file://home/dan/test.xul
When the Internet Security box pops up, I allow the script to
continue (selecting "Yes") and allow the app to "remember my
decision" (checkbox on lower left corner of popup).
This causes the following lines in my /home/dan/.mozilla/default/prefs.js:
user_pref("security.principal.codebase.p0.granted", "UniversalXPConnect");
user_pref("security.principal.codebase.p0.id", "file://");
Future invocations of mozilla using the same command line as above
cause a segmentation fault:
.//run-mozilla.sh: line 29: 1708 Segmentation fault $prog ${1+"$@"}
Removing the two lines from my prefs.js allows me to run mozilla.
I've also encountered this problem on win2k. Perhaps I've
categorized this problem incorrectly? Maybe it's a security
problem...
Component: XPConnect → Security: General
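An added example (not part of the original report and not Mozilla code): a small Python audit that lists the remembered codebase-principal grants in a prefs.js, i.e. the lines the reporter had to remove to recover. It reads only the `security.principal.codebase.*.id` and `.granted` keys shown above; the whitespace-separated capability list and the scheme-only heuristic are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Matches e.g. user_pref("security.principal.codebase.p0.id", "file://");
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"security\.principal\.codebase\.(\w+)\.(\w+)"\s*,'
    r'\s*"([^"]*)"\s*\)\s*;'
)

def remembered_grants(prefs_text):
    """Return {principal_name: {"id": str, "granted": [str], "lines": [int]}}."""
    found = defaultdict(lambda: {"id": None, "granted": [], "lines": []})
    for lineno, line in enumerate(prefs_text.splitlines(), start=1):
        m = PREF_RE.match(line)
        if not m:
            continue
        name, field, value = m.groups()
        entry = found[name]
        entry["lines"].append(lineno)
        if field == "id":
            entry["id"] = value
        elif field == "granted":
            # Assumption: several capabilities would be whitespace-separated.
            entry["granted"].extend(value.split())
    return dict(found)

def is_scheme_only(principal_id):
    """Heuristic (assumption): the id names a URL scheme but no host or path."""
    parts = urlsplit(principal_id or "")
    return bool(parts.scheme) and not parts.netloc and parts.path in ("", "/")

def report(prefs_text):
    """List (name, id, capabilities, scheme_only, line_numbers) per grant."""
    rows = []
    for name, e in sorted(remembered_grants(prefs_text).items()):
        if e["granted"]:
            rows.append((name, e["id"], e["granted"],
                         is_scheme_only(e["id"]), e["lines"]))
    return rows

# Constructed sample: the two lines from the report plus an unrelated pref.
SAMPLE = '''\
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.principal.codebase.p0.granted", "UniversalXPConnect");
user_pref("security.principal.codebase.p0.id", "file://");
'''

if __name__ == "__main__":
    for name, pid, caps, broad, lines in report(SAMPLE):
        flag = " [scheme-only id]" if broad else ""
        print(f"{name}: {pid!r} granted {caps} (prefs.js lines {lines}){flag}")
```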
This appears to be infinite recursion in nsScriptSecurityManager resulting in a
stack overflow. I'm attaching a stack trace from WinNT4.
changed severity to critical and added crash keyword
Severity: normal → critical
Keywords: crash
Comment 8•25 years ago (Assignee)
I don't know why this broke, but it's my top priority right now.
Comment 9•25 years ago
Putting on [NEED INFO] radar. PDT needs to know impact to user and risk of fix
to make a call on this bug. Are there any real world situations that users will
have that might lead to this problem?
Whiteboard: [NEED INFO]
Comment 10•25 years ago (Assignee)
I think this is fixed, at least, I'm not seeing it anymore. Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 11•25 years ago (Assignee)
Reopening. This doesn't show up when the profile manager runs at startup. It only
shows up when using the default profile, which is why I wasn't seeing it before.
I'm working on it now.
to PDT: This bug means that enabling capabilities (signed scripts, custom XUL
apps) is broken. This is a crucial feature for beta2.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Updated•25 years ago (Assignee)
Whiteboard: [NEED INFO]
Comment 12•25 years ago (Assignee)
I have a low-risk fix ready to check in, waiting on approval.
Status: REOPENED → ASSIGNED
Whiteboard: Fix in hand.
Comment 13•25 years ago (Assignee)
*** Bug 45103 has been marked as a duplicate of this bug. ***
Comment 14•25 years ago
Putting on [nsbeta2+] radar for beta2 fix.
Whiteboard: Fix in hand. → [nsbeta2+] Fix in hand.
Comment 15•25 years ago (Assignee)
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago → 25 years ago
Resolution: --- → FIXED
Comment 18•25 years ago (Assignee)
Reopening. Remembering a privilege granted to a codebase principal (with codebase
principals enabled) is still causing an infinite recurse during startup. This
needs to be fixed more comprehensively.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Comment 19•25 years ago
Is this new case still worthy of nsbeta2+? In what way will this impact the
user?
Comment 20•25 years ago (Assignee)
It's the same bug, therefore still nsbeta2. User can't save the decision to grant
XPConnect privileges to a script (used often) without making the browser crash on
startup which is permanent until the relevant lines are removed from prefs. I
have a final fix ready to go in today.
Comment 21•25 years ago
Adding ETA per warren.
Whiteboard: [nsbeta2+] Fix in hand. → [nsbeta2+] ETA 7/25 - Fix in hand.
Comment 22•25 years ago (Assignee)
Fix checked in. To verify, enable codebase principals, run an unsigned script
which enables privileges, and click Remember This Decision. Then quit and restart
the browser. This bug was causing a crash on startup; this should be gone now.
Status: REOPENED → RESOLVED
Closed: 25 years ago → 25 years ago
Resolution: --- → FIXED
Comment 23•25 years ago
Did so, enabled codebase to true, remembered the decision, reopened browser, no
dialog and no crash, repeated several times, it is fine, played around with
remember and not remember decision, no inconsistency found, no crash, assume
fixed.
Status: RESOLVED → VERIFIED