Closed
Bug 449093
Opened 16 years ago
Closed 16 years ago
Before initializing NSS, PSM should shut it down if it is already initialized
Categories
(Core :: Security: PSM, enhancement)
Tracking
()
RESOLVED
INVALID
People
(Reporter: nelson, Assigned: KaiE)
References
Details
On some platforms where NSS is part of the OS, and where OS libraries (such as those used by Name Service Switch, the other NSS) use NSS for SSL (e.g. for LDAP over SSL), it is possible that NSS will have been initialized in the Mozilla client process before PSM initializes it. In such cases, NSS will typically have been initialized to use some other directory of DB files than the user's Mozilla profile directory. Since NSS is already initialized, when PSM tries to initialize it, NSS reports that it is initialized, even though it is not using the directories that PSM has asked it to use. (This NSS behavior is by design.) The result is that the mozilla client is NOT using the user's profile DBs, and the user does not get behavior that he would get if his profile DBs were being used (i.e. his personal certs are gone, and CAs he has trusted are no longer trusted). So, I propose this solution (or perhaps it is a workaround): I propose that, immediately prior to initializing NSS, PSM should check to see if it is already initialized (I believe NSS offers a public function for that purpose) and if so, PSM should shut down NSS before initializing it with the user's profile DB directory.
Comment 1•16 years ago
|
||
Shutting down NSS sounds like a good idea. The only downside I can see is that some other component within the process may be actively using NSS when it is shut down (that seems fairly unlikely though).
Assignee | ||
Comment 2•16 years ago
|
||
I like Nelson's proposal. Nelson, on which branches do we need this fix? What's the Mozilla application versions that people would like to see fixed?
Reporter | ||
Comment 3•16 years ago
|
||
The original complaint named both FF2 and FF3.
Reporter | ||
Comment 4•16 years ago
|
||
This idea probably would lead to crashes. :( Imagine some code that uses NSS, and obtains pointers to objects from NSS, objects such as CERTCertificates. If that code continues to run, after NSS is shutdown and restarted, the pointers held by that code from before will be stale, and subsequent uses of them will likely crash.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•