Improve comments in security interfaces that embedders might implement

RESOLVED WORKSFORME

Status

Core
Security: PSM
P2
normal
10 years ago
2 years ago

People

(Reporter: kaie, Unassigned)

Tracking

({sec-want})

Trunk
sec-want
Bug Flags:
wanted-next +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:want P1])

Description

10 years ago
PSM provides interfaces that embedding applications can override.
They are designed to allow applications to use their own chrome.

Some interfaces are designed to give users a choice to review sensitive information and make momentous decisions, like installing a CA cert as trusted or providing a private key to an issuing authority.

This bug proposes to review the existing interfaces and use more obvious comments.

This will prevent embedders from accidentally using wrong function result values and hopefully will prevent security issues.


The following interfaces might be of interest:

 nsITokenPasswordDialogs,
 nsICertificateDialogs,
 nsIClientAuthDialogs,
 nsICertPickDialogs,
 nsITokenDialogs,
 nsIDOMCryptoDialogs,
 nsIGeneratingKeypairInfoDialogs

There might be other interfaces I'm missing.


Here are some first proposals:

 ConfirmDownloadCACert
   // If an implementation chooses not to implement UI for displaying
   // the cert and asking the user for confirmation,
   // then this function must return PR_FALSE.

 ConfirmKeyEscrow
   // If an implementation chooses not to implement UI that asks the user for 
   // confirmation to hand out the private key, 
   // then this function must return PR_FALSE.
I'm not sure this bug needs to be security-sensitive, although I guess it won't hurt to it that way until Nokia can update their implementation.
Flags: blocking1.9?
Whiteboard: [sg:want P1]
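
The fail-closed contract from the proposed comments, as an added example that is not part of the bug report or PSM's own code. It is a reduced C++ model: `CertDialogs`, the three embedder classes and `ShouldTrustCA` are hypothetical, and the typedefs are stand-ins for the XPCOM/NSPR types.

```cpp
#include <cstdint>
#include <cstdio>

using nsresult = uint32_t;                    // stand-in for XPCOM's nsresult
constexpr nsresult NS_OK = 0;
constexpr nsresult NS_ERROR_NOT_IMPLEMENTED = 0x80004001;
using PRBool = int;                           // stand-in for NSPR's PRBool
constexpr PRBool PR_TRUE = 1, PR_FALSE = 0;

// Hypothetical, simplified confirmation interface (not the real IDL signature).
struct CertDialogs {
  virtual ~CertDialogs() = default;
  // *confirmed becomes PR_TRUE only if the user saw the cert and agreed.
  virtual nsresult ConfirmDownloadCACert(const char* cert, PRBool* confirmed) = 0;
};

// Embedder without UI that follows the proposed comment: the answer is "no".
struct FailClosed : CertDialogs {
  nsresult ConfirmDownloadCACert(const char*, PRBool* confirmed) override {
    *confirmed = PR_FALSE;
    return NS_OK;
  }
};
// Embedder without UI that refuses the call and never writes the out-parameter.
struct NotImplemented : CertDialogs {
  nsresult ConfirmDownloadCACert(const char*, PRBool*) override {
    return NS_ERROR_NOT_IMPLEMENTED;
  }
};
// The mistake the comments should prevent: no UI was shown, yet "yes" comes back.
struct FailOpen : CertDialogs {
  nsresult ConfirmDownloadCACert(const char*, PRBool* confirmed) override {
    *confirmed = PR_TRUE;
    return NS_OK;
  }
};

// Hypothetical caller: trust only on success AND explicit confirmation. The
// out-parameter starts as PR_FALSE so a stub that never writes it stays a "no".
bool ShouldTrustCA(CertDialogs& dialogs, const char* cert) {
  PRBool confirmed = PR_FALSE;
  nsresult rv = dialogs.ConfirmDownloadCACert(cert, &confirmed);
  return rv == NS_OK && confirmed == PR_TRUE;
}

int main() {
  FailClosed a; NotImplemented b; FailOpen c;  // cert name below is constructed
  std::printf("%d %d %d\n", ShouldTrustCA(a, "Test CA"), ShouldTrustCA(b, "Test CA"), ShouldTrustCA(c, "Test CA"));
}
```

Caller-side initialisation covers a stub that forgets the out-parameter, but nothing on the caller side can detect the `FailOpen` case, which is why the contract has to be spelled out in the interface comments.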

Updated

10 years ago
Flags: blocking1.9? → blocking1.9+
Priority: -- → P1

Comment 2

10 years ago
Kai, will you have time for this before ship?
Priority: P1 → P2
Flags: tracking1.9+
Flags: wanted-next+
Updated

6 years ago
Assignee: kaie → nobody
Group: core-security
Comment 3

6 years ago
I'm no longer sure this deserves to have a high priority. Nobody else has made the same mistake in the previous 4 years.

Comment 4

2 years ago
The PSM IDL documentation is somewhat lacking, but AIUI, nobody really embeds Gecko anymore.
So, we can just fix each IDL one at a time as reasonable.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WORKSFORME