Closed
Bug 651081
Opened 15 years ago
Closed 14 years ago
Ensure GCLI commands are executed securely
Categories
(DevTools :: General, defect)
DevTools
General
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: jwalker, Assigned: jwalker)
References
Details
GCLI commands are plain JavaScript. In GCLI they are executed simply using command.exec();. It is likely that this represents a security problem in some cases since commands will be executed with chrome privileges.
We should ensure that canon.exec() or canon.addCommand() performs the required wrapping to ensure that the correct privileges are used at all times.
This is not considered a "security issue" right now because:
- "Many users" are not using this code
- The only commands that exist don't do much of any note
This issue should be fixed before any significant number of users begin testing it.
|
Assignee | |
Updated•15 years ago
|
Blocks: GCLI-EXPERIMENT
|
||
Comment 1•15 years ago
|
||
Did this feature go through security review when it first landed? If not, it'd probably be a good idea to have it do that regardless now.
|
||
Comment 2•15 years ago
|
||
(In reply to comment #0)
> GCLI commands are plain JavaScript. In GCLI they are executed simply using
> command.exec();. It is likely that this represents a security problem in some
I have not yet looked at the patch, but, You will have to execute these commands in a sandbox, just like the existing command line.
|
|
Assignee | |
Comment 3•15 years ago
|
||
(In reply to comment #1)
> Did this feature go through security review when it first landed? If not, it'd
> probably be a good idea to have it do that regardless now.
It's not landed yet.
|
|
Assignee | |
Updated•14 years ago
|
No longer blocks: GCLI-EXPERIMENT
|
|
Assignee | |
Updated•14 years ago
|
Blocks: GCLI-ENABLE
|
|
Assignee | |
Comment 4•14 years ago
|
||
My current thinking is that it would be good if we can have the command line execute with chrome privs, protecting it from page resources, rather than the other way around (i.e. executing with page privs, Sandboxed from chome resources).
Not sure if that's possible.
Assignee: nobody → jwalker
|
|
Assignee | |
Comment 5•14 years ago
|
||
Jesse - Are you best person to talk to about getting this command line feature reviewed?
Thanks,
|
||
Comment 6•14 years ago
|
||
curtisk has been organizing security reviews lately.
Review TBD added to sec team review radar https://wiki.mozilla.org/Security/Radar/Active#Firefox:_In_Progress
|
|
Assignee | |
Comment 8•14 years ago
|
||
Bug 664693 tracks the documenting of the commands.
|
|
Assignee | |
Comment 9•14 years ago
|
||
Bug 664696 tracks the reviewing of the commands by mrbkap
The notes from the etherpad have gone - will they be published anywhere?
I'd like to close this bug now - any objections?
mrbkap is supposed to review the wrapper implementation
security team will review the list of commands
Notes are posted here: https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/GCLI
|
|
Assignee | |
Comment 11•14 years ago
|
||
I've added the bugs I raised to the wiki page - thanks for posting that.
I'll close this bug tomorrow unless anyone complains.
Many thanks.
|
|
Assignee | |
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 12•14 years ago
|
||
Marking verified because there is no UI proof that the bug is fixed. The proof is in the comments above.
Status: RESOLVED → VERIFIED
|
||
Updated•7 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•