COWs need to be implicitly created by SJOWs

RESOLVED DUPLICATE of bug 542428

Status

()

Core
XPConnect
RESOLVED DUPLICATE of bug 542428
8 years ago
8 years ago

People

(Reporter: atul, Unassigned)

Tracking

Trunk
x86
Mac OS X
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(blocking2.0 beta1+)

Details

(Reporter)

Description

8 years ago
In Jetpack, when chrome code passes a chrome object into an untrusted XPCSafeJSObjectWrapped object, the SJOW needs to automatically COW the object before passing it on to the wrapped untrusted object.  If this doesn't happen, then we're in the situation where developers need to manually create COWs to pass to e.g. callbacks provided by untrusted code.

Right now I think this is the main thing blocking us from using COWs in the Jetpack reboot.
(Reporter)

Comment 1

8 years ago
Marking as blocking for 1.9.3, as we can't do real security in Jetpack without this. (We currently have "placeholders" in the form of the Jetpack binary component, but this can't be distributed with each bootstrapping Jetpack XPI.)
blocking2.0: --- → ?
The patch in bug 542428 fixes this.
Depends on: 542428

Updated

8 years ago
blocking2.0: ? → beta1

Updated

8 years ago
Blocks: 543856
(Reporter)

Updated

8 years ago
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 542428
You need to log in before you can comment on or make changes to this bug.