Closed Bug 813995 Opened 13 years ago Closed 13 years ago

Need additional security checks for the "device-storage" permissions

Categories

(Core :: DOM: Device Interfaces, defect, P1)

Product:
Core
Component:
DOM: Device Interfaces
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla20
Project Flags:
blocking-basecamp +
Tracking Flags:
Tracking Status
firefox18 --- fixed
firefox19 --- fixed

People

(Reporter: bent.mozilla, Assigned: dougt)

References

Details

Attachments

(1 file, 2 obsolete files)

patch v.3
9.20 KB, patch
bent.mozilla
: review+
Details | Diff | Splinter Review
Some notes on the discussion I had with dougt: device-storage:apps: in child process check for webapp-manage, need to check in parent too no 'access' checks nsIContentPermissionPrompt can be bypassed from child maybe assert permission when handing out blobs (maybe /data only)
Assignee: nobody → doug.turner
blocking-basecamp: ? → +
Attached patch patch v.1 (obsolete) — Splinter Review
Attachment #685300 - Flags: review?(bent.mozilla)
Comment on attachment 685300 [details] [diff] [review] patch v.1 Review of attachment 685300 [details] [diff] [review]: ----------------------------------------------------------------- This stuff looks fine, but it only addresses a piece of the problem (for "apps"). Are you planning on doing the other type checks in another bug?
Attachment #685300 - Flags: review?(bent.mozilla) → review+
Comment on attachment 685300 [details] [diff] [review] patch v.1 Actually, hm. It's weird that you're doing this in a constructor since you can't bail out if the app doesn't have permission. The child process will get killed regardless but you keep on going as if nothing happened...
Comment on attachment 685300 [details] [diff] [review] patch v.1 Actually, yeah, can we do this in ContentParent::AllocPDeviceStorageRequest instead? Then we can bail out correctly by returning null.
Attachment #685300 - Flags: review+ → review-
Attached patch patch v.2 (obsolete) — Splinter Review
Attachment #685979 - Flags: feedback?(bent.mozilla)
Attachment #685979 - Flags: feedback?(bent.mozilla) → feedback-
Attached patch patch v.3Splinter Review
Attachment #685300 - Attachment is obsolete: true
Attachment #685979 - Attachment is obsolete: true
Attachment #686217 - Flags: review?(bent.mozilla)
Comment on attachment 686217 [details] [diff] [review] patch v.3 Review of attachment 686217 [details] [diff] [review]: ----------------------------------------------------------------- Looks good! ::: dom/devicestorage/DeviceStorageRequestParent.cpp @@ +182,5 @@ > + return false; > + } > + } > + > + // the 'apps' type is special. We only want this exposed Nit: Capitalize 'the' @@ +190,5 @@ > + return false; > + } > + } > + > + nsCString permissionName; Since you're doing some appends below you should use nsAutoCString. ::: dom/devicestorage/DeviceStorageRequestParent.h @@ +25,5 @@ > > NS_IMETHOD_(nsrefcnt) AddRef(); > NS_IMETHOD_(nsrefcnt) Release(); > + > + bool EnsureRequiredPermissions(mozilla::dom::ContentParent* aParent); Nit: trailing whitespace ::: dom/ipc/ContentParent.cpp @@ +1192,5 @@ > ContentParent::AllocPDeviceStorageRequest(const DeviceStorageParams& aParams) > { > + nsRefPtr<DeviceStorageRequestParent> result = new DeviceStorageRequestParent(aParams); > + if (!result->EnsureRequiredPermissions(this)) { > + return nullptr; Nit: trailing whitespace
Attachment #686217 - Flags: review?(bent.mozilla) → review+
Setting priority based on triage discussions. Feel free to decrease priority if you disagree.
Priority: -- → P1
https://hg.mozilla.org/mozilla-central/rev/0690146190f1
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: