Closed
Bug 594999
Opened 14 years ago
Closed 13 years ago
"Security Manager vetoed action" exception when accessing any property of InstallTrigger
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
VERIFIED
FIXED
Tracking | Status | |
---|---|---|
blocking2.0 | --- | betaN+ |
People
(Reporter: tdale, Assigned: gal)
References
Details
(Whiteboard: [softblocker], fixed-in-tracemonkey [fx4-fixed-bugday])
Attachments
(4 files, 4 obsolete files)
171 bytes,
text/html
|
Details | |
24.09 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
13.50 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
24.12 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-us) AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8 Build Identifier: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b5) Gecko/20100101 Firefox/4.0b5 When accessing any undefined property of the window.InstallTrigger object, an exception is thrown. Reproducible: Always Steps to Reproduce: 1. Open the included test case in Firefox 4 Beta 5 2. Open the Error Console Actual Results: Firefox throws an exception: Error: uncaught exception: [Exception... "Security Manager vetoed action" nsresult: "0x80570027 (NS_ERROR_XPC_SECURITY_MANAGER_VETO)" location: "JS frame :: file:///Users/tomdale/Desktop/install_trigger_exception.html :: onclick :: line 1" data: no] Expected Results: Attempts to retrieve undefined properties do not create a security problem and should not throw an exception. I would expect undefined to be returned. We consider this a high-priority bug because it causes almost all SproutCore applications to cease working. We generate string representations of classes partly by iterating over the window object and checking for a certain property on each object. Because this happens at application initialization, this exception being thrown causes existing applications immediately cease functioning on page load. And any web application that iterates over the window object will likely be impacted by this as well.
Updated•14 years ago
|
Blocks: 550936
Severity: major → minor
Component: Installer: XPInstall Engine → Add-ons Manager
Product: Core → Toolkit
QA Contact: xpi-engine → add-ons.manager
Version: unspecified → Trunk
Comment 2•14 years ago
|
||
Looks like an xpconnect issue, specifically with __exposedProps__.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•14 years ago
|
Component: Add-ons Manager → XPConnect
Product: Toolkit → Core
QA Contact: add-ons.manager → xpconnect
Comment 3•13 years ago
|
||
I tested the test case with the latest nightly Trunk load and the error message generated is currently: Error: Permission denied to access property 'unknownProperty' Source file: https://bug594999.bugzilla.mozilla.org/attachment.cgi?id=473805 Line: 4 That's pretty much the same error I'm seeing at me.com, which is broken in Firefox 4 beta and presumably what triggered this bug to be filed.
blocking2.0: --- → ?
Comment 6•13 years ago
|
||
This is I guess sort of intentional, you aren't allowed to access anything other than the exposed properties. What is me.com expecting to be able to access that it can't?
Comment 7•13 years ago
|
||
The file is minified so it's hard to tell, but maybe they enumerate over all properties, |for (x in obj)|, maybe looking for some property they care about. In any case, if we returned |undefined| instead of throwing a security exception, this would probably be fixed. But I don't know enough about the security manager to know if that doesn't introduce some other problem.
Comment 8•13 years ago
|
||
Blake, is there a way to have the __exposedProps__ thing just claim undefined for anything except that in the list?
Comment 10•13 years ago
|
||
Alon is right. We basically iterate through the window object using for (x in window). Then it finds the "InstallTrigger" property which I assume shouldn't be enumerable if it's not supposed to be accessed.
Assignee | ||
Comment 11•13 years ago
|
||
No owner? Stealing.
Assignee | ||
Updated•13 years ago
|
QA Contact: xpconnect → gal
Assignee | ||
Comment 12•13 years ago
|
||
Assignee: nobody → gal
Assignee | ||
Updated•13 years ago
|
QA Contact: gal → xpconnect
Assignee | ||
Updated•13 years ago
|
Attachment #507787 -
Flags: review?(mrbkap)
Blocks: 628410
It appears that the "in" operator doesn't work with this patch. I.e., for an object like: x = { foo: 5, __exposedProps__: {}, }; |"foo" in x| returns true. Still writing tests.
Comment on attachment 507787 [details] [diff] [review] patch It appears that with this patch, if a property is *not* exposed using __exposedProps__ the "in" operator always claims that the property exists. However in that case it should claim that the property does not exist, right? If a property is listed in __exposedProps__, then the "in" operator works fine and properly reflects the existence of the property in the underlying object, whether it exists or not. Enumeration appears to be working fine though.
Attachment #507787 -
Flags: review?(mrbkap) → review-
These were the tests I used to find the "in" bug. The patch as-is should be passing with just the patch in this bug. The commented out tests test the behavior in the patch in bug 628410, hence they are commented out.
Assignee | ||
Comment 16•13 years ago
|
||
Trivial fix. Uploading a new patch. Thanks for writing the tests! Andreas
Assignee | ||
Comment 17•13 years ago
|
||
Attachment #507787 -
Attachment is obsolete: true
This merges on top of bug 628410
Attachment #508049 -
Attachment is obsolete: true
Attachment #508067 -
Flags: review?(mrbkap)
Tests for this bug and bug 628410
Attachment #507992 -
Attachment is obsolete: true
Attachment #508068 -
Flags: review?(mrbkap)
Comment 20•13 years ago
|
||
Comment on attachment 508067 [details] [diff] [review] Merged patch >+ desc->obj= NULL; // default result if we refuse to perform this action Nit: (here and below). Need a space before the = sign.
Attachment #508067 -
Flags: review?(mrbkap) → review+
Updated•13 years ago
|
Attachment #508068 -
Flags: review?(mrbkap) → review+
This is breaking Mochitests :( Specifically js/src/xpconnect/tests/mochitest/test_bug428021.html is failing with Permission denied to access property 'document' at http://mochi.test:8888/tests/js/src/xpconnect/tests/mochitest/test_bug396851.html:17 Though it's really weird that the test files aren't lining up here...
Assignee | ||
Comment 22•13 years ago
|
||
How do I run that one test only? I can try to reproduce.
Even weirder is that that line is *supposed* to throw! But there's a try/catch around it. Are we somehow resurfacing an old exception?
go to objdir/_test/testing/mochitest run: python runtests.py --test-path=js/src/xpconnect/tests/mochitest/ --autorun There seems to be some weird interaction between tests here, so you likely need to run the whole directory.
Make that python runtests.py --test-path=js/src/xpconnect/tests/mochitest/ --autorun --debugger=gdb if you want to run inside gdb.
Assignee | ||
Comment 26•13 years ago
|
||
Its not failing for me.
Comment 27•13 years ago
|
||
(In reply to comment #25) > Make that > > python runtests.py --test-path=js/src/xpconnect/tests/mochitest/ --autorun > --debugger=gdb > > if you want to run inside gdb. FWIW, `TEST_PATH="js/src/xpconnect/tests/mochitest/test_bug396851.html" make mochitest-plain` (to run in $OBJDIR) is probably an easier way. And add EXTRA_TEST_ARGS='--debugger=gdb' to run in in a debugger.
The patch is failing in all sorts of weird ways, and it's not consistent across platforms. Even some of the trivial tests in test_cows are failing in some runs. Maybe there's some uninitialized variable in there? http://tbpl.mozilla.org/?tree=MozillaTry&rev=ab66e36aa42c
Assignee | ||
Comment 29•13 years ago
|
||
Yeah, I think I found something. New patch in a sec.
Assignee | ||
Comment 30•13 years ago
|
||
Assignee | ||
Updated•13 years ago
|
Attachment #508173 -
Attachment is obsolete: true
Assignee | ||
Comment 31•13 years ago
|
||
Assignee | ||
Comment 32•13 years ago
|
||
I pushed this to try again, with the uninitialized variable fix.
Assignee | ||
Comment 33•13 years ago
|
||
With the fix we seem to pass try.
Assignee | ||
Comment 34•13 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/2fb3475b3036
Whiteboard: [softblocker], fixed-in-tracemonkey
Assignee | ||
Comment 35•13 years ago
|
||
And the tests: http://hg.mozilla.org/tracemonkey/rev/59d84fe951ba
Comment 36•13 years ago
|
||
Does this fix Bug 627305? (I don't have access to me.com, so can't test)
Comment 38•13 years ago
|
||
cdleary-bot mozilla-central merge info: http://hg.mozilla.org/mozilla-central/rev/2fb3475b3036 http://hg.mozilla.org/mozilla-central/rev/59d84fe951ba
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 39•13 years ago
|
||
Verified fixed on Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b12pre) Gecko/20110204 Firefox/4.0b12pre
Status: RESOLVED → VERIFIED
Whiteboard: [softblocker], fixed-in-tracemonkey → [softblocker], fixed-in-tracemonkey [fx4-fixed-bugday]
You need to log in
before you can comment on or make changes to this bug.
Description
•