Connect XPConnect visibility filter to query principals

VERIFIED FIXED in M11

Status

()

Core
Security
P3
normal
VERIFIED FIXED
19 years ago
18 years ago

People

(Reporter: Norris Boyd, Assigned: Norris Boyd)

Tracking

Trunk
All
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

19 years ago
Entering all security bugs and tasks for SeaMonkey into Buzilla for schedule
tracking.
(Assignee)

Updated

19 years ago
Blocks: 7252
(Assignee)

Updated

19 years ago
Depends on: 7268
(Assignee)

Updated

19 years ago
Status: NEW → ASSIGNED
Target Milestone: M9
(Assignee)

Updated

19 years ago
Summary: Connect visibility filter to query principals → Connect XPConnect visibility filter to query principals
(Assignee)

Comment 1

19 years ago
The following message details the existing interface for security control of
XPConnect. We need to add an implementation of nsIXPCSecurityManager that looks
at the stack to see if the caller is sufficiently privileged to access XPCOM
components.


        Subject:
             nsIXPCSecurityManager
        Date:
             Fri, 04 Jun 1999 12:09:47 -0700
       From:
             jband@netscape.com (John Bandhauer)
 Organization:
             N E T S C A P E
         To:
             Norris Boyd <norris@netscape.com>
         CC:
             Mike McCabe <mccabe@netscape.com> , Mike Ang <mang@subcarrier.org>
,
             Clayton Lewis <clayton@netscape.com>




I finally got around to implementing the xpconnect security hook
scheme I spoke of before.

See the interface at:
http://lxr.mozilla.org/mozilla/source/js/src/xpconnect/idl/nsIXPCSecurityManager
.idl

Its installation at:
http://lxr.mozilla.org/mozilla/source/js/src/xpconnect/public/nsIXPConnect.h#181

And its test at:
http://lxr.mozilla.org/mozilla/source/js/src/xpconnect/tests/TestXPC.cpp#490
http://lxr.mozilla.org/mozilla/source/js/src/xpconnect/tests/TestXPC.cpp#951

John.
(Assignee)

Updated

19 years ago
Target Milestone: M9 → M10
(Assignee)

Comment 2

19 years ago
Not enough time to implement for M9.
(Assignee)

Updated

19 years ago
Depends on: 11145
(Assignee)

Updated

19 years ago
Blocks: 12633
(Assignee)

Updated

19 years ago
Target Milestone: M10 → M11
(Assignee)

Updated

19 years ago
No longer blocks: 7252
(Assignee)

Updated

19 years ago
Blocks: 13017
(Assignee)

Updated

19 years ago
Whiteboard: Code in, but disabled. Caused orange trees on Linux
(Assignee)

Comment 3

19 years ago
Code is in, but the body of nsScriptSecurityManager::CheckXPCPermissions is
ifdef'd out. When it was enabled, it caused orange trees on the Linux tinderbox
(builds passed, but tests failed). I don't know what sort of failures it caused
or how to run those tests.
(Assignee)

Updated

19 years ago
Whiteboard: Code in, but disabled. Caused orange trees on Linux → Help wanted: Code in, but disabled. Caused orange trees on Linux
(Assignee)

Updated

19 years ago
Blocks: 10120
(Assignee)

Updated

19 years ago
Whiteboard: Help wanted: Code in, but disabled. Caused orange trees on Linux → Should work with GetSubjectPrincipal Linux fix
(Assignee)

Updated

19 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
Whiteboard: Should work with GetSubjectPrincipal Linux fix

Updated

19 years ago
Blocks: 16950

Comment 4

19 years ago
Any chance that nsScriptSecurityManager::CheckXPCPermissions has been
re-enabled, and no longer causes orange trees?

I will check on 7261 dependencies. If dependencies are satisfied, I'll set this
verified. (dependency 7268 will require a simple set of DOM security tests that
should pass to satisfy "initial implementation".) (dependency 11145 verified)
(Assignee)

Comment 5

19 years ago
Yes, the preference is no longer disabled but doesn't cause any known
regressions.

Updated

18 years ago
No longer blocks: 13017

Comment 6

18 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General

Updated

18 years ago
No longer depends on: 7268

Comment 7

18 years ago
Verified based upon dependencies being verified.
No longer blocks: 10120, 12633
Status: RESOLVED → VERIFIED
No longer depends on: 11145
You need to log in before you can comment on or make changes to this bug.