Closed
Bug 823965
Opened 12 years ago
Closed 12 years ago
App can delete files from a storage type where it does not have permission
Categories
(Core :: DOM: Device Interfaces, defect)
Tracking
()
People
(Reporter: davehunt, Assigned: baku)
Details
Attachments
(1 file)
|
6.65 KB,
patch
|
dougt
:
review+
dougt
:
approval-mozilla-b2g18+
|
Details | Diff | Splinter Review |
While working on a patch for the Gaia UI tests that clears all media from the sdcard between tests I encountered this permissions bug.
If I create a navigator.getDeviceStorage('music') from within the System all (readcreate permission) then I can retrieve all files but not delete them. This is what I'd expect, however if I then create a navigator.getDeviceStorage('pictures') I am able to delete the music files previously obtained.
Steps to reproduce:
var pictures = navigator.getDeviceStorage('pictures');
var music = navigator.getDeviceStorage('music');
mreq = music.enumarate();
mreq.onsuccess = function() {
dreq = pictures.delete(mreq.result.name); // note this uses pictures to delete music
dreq.onerror = function () {
console.error('failed to remove file!');
};
dreq.onerror = function () {
console.log('success removing file!');
};
};
Expected: As we're trying to delete a file that does not exist in the pictures storage type then I would expect the delete to fail.
Actual: Music files are deleted, even though the app does not have permissions to do this
|
Reporter | |
Updated•12 years ago
|
Assignee: nobody → doug.turner
|
||
Comment 1•12 years ago
|
||
Yeah.. i see what you're doing. We don't protect against that. We probably can.
blocking-basecamp: --- → ?
|
|
||
Updated•12 years ago
|
blocking-basecamp: ? → -
tracking-b2g18:
--- → +
|
|
||
Comment 2•12 years ago
|
||
This isn't a great concern as most permissions are going to be handed out as r/w, and everything on your sdcard is basically exposed with any w permissions. We'll fix this post v.1
Assignee: doug.turner → nobody
|
Assignee | |
Comment 3•12 years ago
|
||
Attachment #699075 -
Flags: review?(doug.turner)
|
|
Assignee | |
Updated•12 years ago
|
Assignee: nobody → amarchesini
|
|
||
Comment 4•12 years ago
|
||
Comment on attachment 699075 [details] [diff] [review]
patch
Review of attachment 699075 [details] [diff] [review]:
-----------------------------------------------------------------
looks good. I worry a bit about someone storing a blob that doesn't have the correct mime type set. before this change, we were lax in checking. now that we are enforcing this, we might see gaia bustage. Lets keep an eye out for that.
It is better we get this change in now, then to start enforcing this later (and causing lots of bustage) Marking approved for b2g18.
Attachment #699075 -
Flags: review?(doug.turner)
Attachment #699075 -
Flags: review+
Attachment #699075 -
Flags: approval-mozilla-b2g18+
|
|
||
Comment 5•12 years ago
|
||
david/mike, please keep an eye out for any bustage when trying to use device storage to save blobs.
|
|
Assignee | |
Comment 6•12 years ago
|
||
Waiting for green on try, then I push it to inbound.
|
|
Assignee | |
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/4536e2bf1cd0
https://hg.mozilla.org/releases/mozilla-b2g18/rev/aa93bb472ff6
status-firefox19:
--- → wontfix
status-firefox20:
--- → wontfix
|
|
Assignee | |
Updated•12 years ago
|
status-b2g18:
--- → fixed
|
||
Comment 8•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
You need to log in
before you can comment on or make changes to this bug.
Description
•