Closed Bug 821674 Opened 13 years ago Closed 8 years ago

Do we need to check Identity API Messages in the parent process?

Categories

(Core Graveyard :: Identity, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: pauljt, Unassigned)

nsDOMIdentity.js runs in the child process (hence it has a childprocessmessagemanager) and sends messages to DOMIdentity.jsm [1]. From what I can tell, there are quite a few checks that happen in the child that are not replicated in the parent. For example, prior to sending the "Identity:IDP:RegisterCertificate" message, the child checks that provisioning is still happening. A compromised process could send the message without doing this check.

In other APIs this would be a serious issue, but I am struggling to understand the guts of this API. Do you have any thoughts about whether or not we need to move some of these checks from the child to the parent? At first I thought we definitely did, since the child does so many checks, but then it seems like it is the parent process that does the logging in etc., so maybe it is ok. (We don't care about the parent spoofing messages to the child, since if the parent process is compromised it is already game over.)

[1] http://mxr.mozilla.org/mozilla-central/source/dom/identity/DOMIdentity.jsm
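The kind of parent-side check the report asks about, as an added example that is not part of the original report and not Mozilla code: the parent keeps its own per-child flow state and refuses "Identity:IDP:RegisterCertificate" unless it has itself seen that flow start. The class, the `flowId` and `cert` fields, and the "Identity:IDP:BeginProvisioning" name are assumptions made for illustration.

```javascript
// Added example, not Mozilla code. Only "Identity:IDP:RegisterCertificate"
// comes from the bug report; every other name here is hypothetical.
class ParentIdentityGate {
  constructor() {
    // "<childId>:<flowId>" -> flow state as observed by the parent itself.
    this.flows = new Map();
  }

  // childId must come from the channel the message arrived on (assigned by
  // the parent), never from the payload, which the child fully controls.
  receive(childId, name, data) {
    const reject = (reason) => ({ ok: false, reason });
    if (!data || !Number.isInteger(data.flowId)) return reject("malformed");
    const key = `${childId}:${data.flowId}`;
    const state = this.flows.get(key);

    switch (name) {
      case "Identity:IDP:BeginProvisioning": // assumed message name
        if (state !== undefined) return reject("flow id reused");
        this.flows.set(key, "provisioning");
        return { ok: true };

      case "Identity:IDP:RegisterCertificate":
        // The check the child performs before sending, repeated here.
        if (state !== "provisioning") return reject("not provisioning");
        if (typeof data.cert !== "string" || data.cert === "") {
          return reject("bad certificate");
        }
        this.flows.set(key, "done"); // a flow accepts one certificate only
        return { ok: true };

      default:
        return reject("unexpected message");
    }
  }
}

// Constructed sample traffic: [childId, message name, payload].
const SAMPLE = [
  [1, "Identity:IDP:RegisterCertificate", { flowId: 7, cert: "c1" }], // no flow yet
  [1, "Identity:IDP:BeginProvisioning", { flowId: 7 }],
  [2, "Identity:IDP:RegisterCertificate", { flowId: 7, cert: "c2" }], // other child
  [1, "Identity:IDP:RegisterCertificate", { flowId: 7, cert: "c1" }],
  [1, "Identity:IDP:RegisterCertificate", { flowId: 7, cert: "c1" }], // replay
];

function runSample() {
  const gate = new ParentIdentityGate();
  return SAMPLE.map(([child, name, data]) => gate.receive(child, name, data).ok);
}
```

Only the fourth message in the sample is a certificate the parent accepts; the out-of-order, cross-child and replayed sends are rejected regardless of what checks the child did or skipped.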
Flags: needinfo?
No longer blocks: 821677
Component: General → Identity
Product: Boot2Gecko → Core
Version: unspecified → Trunk
Flags: needinfo? → needinfo?(benadida)
worth a discussion, but this is pref'ed off for now and is *not* the code that will be pref'ed on for B2G, so let's leave this open for later discussion.
Flags: needinfo?(benadida)
koi? since it blocks bug 820202 but we don't usually block on meta bugs (which bug 820202 is).
RIP Identity API.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard