Before initializing NSS, PSM should shut it down if it is already initialized

RESOLVED INVALID

Status

()

Core
Security: PSM
--
enhancement
RESOLVED INVALID
10 years ago
9 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: kaie)

Tracking

Trunk
Sun
Solaris
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

On some platforms where NSS is part of the OS, and where OS libraries 
(such as those used by Name Service Switch, the other NSS) use NSS for 
SSL (e.g. for LDAP over SSL), it is possible that NSS will have been 
initialized in the Mozilla client process before PSM initializes it.

In such cases, NSS will typically have been initialized to use some other
directory of DB files than the user's Mozilla profile directory.  Since NSS
is already initialized, when PSM tries to initialize it, NSS reports that 
it is initialized, even though it is not using the directories that PSM has
asked it to use. (This NSS behavior is by design.)  The result is that the
mozilla client is NOT using the user's profile DBs, and the user does not 
get behavior that he would get if his profile DBs were being used (i.e. 
his personal certs are gone, and CAs he has trusted are no longer trusted).

So, I propose this solution (or perhaps it is a workaround): 
I propose that, immediately prior to initializing NSS, PSM should check to 
see if it is already initialized (I believe NSS offers a public function
for that purpose) and if so, PSM should shut down NSS before initializing 
it with the user's profile DB directory.
(Reporter)

Updated

10 years ago
Blocks: 443408

Comment 1

10 years ago
Shutting down NSS sounds like a good idea.  The only downside I can see is that some other component within the process may be actively using NSS when it is shut down (that seems fairly unlikely though).
(Assignee)

Comment 2

10 years ago
I like Nelson's proposal.

Nelson, on which branches do we need this fix? What's the Mozilla application versions that people would like to see fixed?
(Reporter)

Comment 3

10 years ago
The original complaint named both FF2 and FF3.
This idea probably would lead to crashes. :(
Imagine some code that uses NSS, and obtains pointers to objects from NSS,
objects such as CERTCertificates.  If that code continues to run, after
NSS is shutdown and restarted, the pointers held by that code from before
will be stale, and subsequent uses of them will likely crash.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.