Closed Bug 46691 Opened 25 years ago Closed 24 years ago

Incorrect security check on preference write

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.1

People

(Reporter: czhang, Assigned: security-bugs)

References

(
URL
)

Details

(Keywords: dom0, Whiteboard: [nsbeta3-])

Do we have this capability "UniversalPreferencesWrite" first? use 7/26 NT build ----------------------sign002.html--------------------- <html> <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite" ); navigator.preference("network.cookie.cookieBehavior", 2); </script> <h2> look at if cookie can be disable or not </h2> </html> -------------------- check all.js file, the preference file "network.cookie.cookieBehavior" is not changed at all, javascript console said "Security error": NS_ERROR_DOM_SECURITY_ERR
I think navigator.preference takes only one parameter, the name of the preference. To set a preference, assign to it, as in navigator.preference(""network.cookie.cookieBehavior") = 2; In the example below, I think the second argument is ignored, and it looks as though you want to read the value of the pref rather than write to it. Because you haven't enabled UniversalPreferencesRead, you see a security error. Please re-test and close this bug if the problem goes away.
Status: NEW → ASSIGNED
Target Milestone: --- → M18
marking INVALID; please reopen if I'm mistaken.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → INVALID
navigator.preference("network.cookie.cookieBehavior") = 2 is not the way to write the preference either, it is saying invalid assignment left-hand side the syntax for preference(prefName[, setValue])is mentioned in 4.x doc, these are the things I tried, none of them works. also tried navigator.preference("network.cookie.cookieBehavior", 2); ---------------------------------------- <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead, UniversalPreferencesWrite"); var a=navigator.preference("network.cookie.cookieBehavior"); alert(a); navigator.preference("network.cookie.cookieBehavior") = 2; </script> ------------------------------------------------------------ <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite"); navigator.preference("network.cookie.cookieBehavior") = 2; </script> ----------------------------- <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead"); var a=navigator.preference("network.cookie.cookieBehavior"); alert(a); </script> <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite"); navigator.preference("network.cookie.cookieBehavior") = 2; </script>
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Here's what's happening: when writing a pref using navigator.preference("preference","value"); two security checks are done. The first happens at http://lxr.mozilla.org/seamonkey/source/dom/src/base/nsJSNavigator.cpp#441 in the generated DOM IDL code. At this point, it assumes the access is a read (the second argument to CheckScriptAccess is PR_FALSE which indicates a read) even though we're actually doing a write. Then, the implementation in nsGlobalWindow is called: http://lxr.mozilla.org/seamonkey/source/dom/src/base/nsGlobalWindow.cpp#4471 which calls CheckScriptAccess again, this time correctly determining whether we're doing a read or a write. The upshot is that for preference reads, the security check happens twice, redundantly. For pref writes, the 'read' check is done once and then the 'write' check, which means the script must enable both UniversalPreferencesRead and UniversalPreferencesWrite in order to write a pref. I'm not sure if this is the desired behavior. Should the script need both privileges in order to write? This is not intuitive. Cathy, as a workaround, enable both privileges and you should be able to write.
Assignee: mstoltz → jst
Status: REOPENED → NEW
Component: Security: General → DOM Level 0
QA Contact: czhang → desale
Summary: UniversalPreferencesWrite is not writing in this signed script → Incorrect security check on preference write
I can't write even though I enabled both two priviledges: things tried ------------------------------------------------- <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead,Uni versalPreferencesWrite"); navigator.preference("network.cookie.cookieBehavior", 2); </script> --------------------------------------------------------------- <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead","U niversalPreferencesWrite"); navigator.preference("network.cookie.cookieBehavior", 2); </script> ----------------------------------------------------------------- <script> netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead"); netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite"); navigator.preference("network.cookie.cookieBehavior", 2); </script> ------------- only last one does not have security error in javascript console, but it still does not change the value
The last one you tried should work. Are you looking in the prefs.js file to see if it's been changed? If so, you may not see the change (it may not get written out to prefs.js) until you quit the browser. I've tried it and it works for me. enablePrivilege takes a single argument which is a space-separated list of privileges to enable, as in netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite UniversalPreferencesRead"); However, I could change this if you find this syntax nonintuitive. I have to go in and change that function anyway to fix a security hole. I think I'll change it to recognize either spaces or commas as separators, but not multiple arguments as in your second example. Try quitting the browser after running this script, you should see the pref written out to disk.
You are right, my last case works, also the multiple priviledges separated by space works fine, I don't have problem on the sytax, but I think the sytax should be documented as well as in order to write preference, user have to enable both read and write priviledges, thanks.
Status: NEW → RESOLVED
Closed: 25 years ago25 years ago
Resolution: --- → WORKSFORME
verified and close
Status: RESOLVED → CLOSED
Status: CLOSED → REOPENED
Resolution: WORKSFORME → ---
Reopening. Writing to prefs should NOT require enabling both read and write privileges. This is an error.
I'm retaking this bug, since I discussed a fix with Vidur.
Assignee: jst → mstoltz
Status: REOPENED → NEW
Keywords: nsbeta3
Seems like a workaround is available to me. Asking for both read & write privileges is redundant, but not outrageous.
Whiteboard: [nsbeta3-]
Future.
Severity: major → normal
Status: NEW → ASSIGNED
Target Milestone: M18 → Future
Keywords: dom0
*** Bug 70303 has been marked as a duplicate of this bug. ***
Mass changing milestones to Moz0.9.1. Many of these bugs are dependent on the XPConnected DOM and its associated security UI changes.
Target Milestone: Future → mozilla0.9.1
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago24 years ago
Resolution: --- → FIXED
v
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.