Closed Bug 839684 Opened 12 years ago Closed 5 years ago

Link securityInfo between child and parent processes as an actor instead of just sending serialization here and there

Categories

(Core :: Security: PSM, defect, P3)

RESOLVED WONTFIX

People

(Reporter: mayhemer, Unassigned)

Details

(Keywords: sec-want, Whiteboard: [psm-backlog])

Long ago we needed to pass the security info object to the child process. I allowed that by sending a serialization of the securityInfo object. On the child process it is deserialized, while the certificate only keeps the serialization (nsNSSCertificateFakeTransport class) to allow sending the secinfo via serialization back to the parent.

These days this is a) wasteful - and kinda crazy as I see it now, b) dangerous, to accept sec info from a potentially untrusted child process, deserialize it on the parent process and use it for security decisions.

My proposal is to send an IPC actor (SecInfoParent/SecInfoChild) instead of the serialization. That would carry the serialization to make secinfo work on the child process (I believe this is needed, but maybe not!) and, the main goal, children may send it back to the parent just by the actor's reference. On the parent process we can then get the existing original raw secinfo object securely from SecInfoParent.

This arose from a discussion with jduell on IRC related to bug 835613.

Opinions?

Serialization of secinfo is currently sent to the child process by PHttpChannel::OnStartRequest and the same way (very surprisingly, but probably it's just another waste) via PWyciwygChannel::OnStartRequest.

Hiding the bug rather.
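The difference between the two paths described in the comment above, as an added example that is not Gecko code and not part of the original report: `SecInfo`, `SecInfoHandle`, `ParentRegistry` and the `host|verified` wire format are hypothetical stand-ins for the securityInfo object and the proposed SecInfoParent/SecInfoChild actor pair. The serialization path rebuilds security state from bytes the child controls, while the reference path resolves an opaque id to the object the parent already holds.

```cpp
// Added illustration: SecInfo, ParentRegistry and the handle ids are hypothetical.
#include <cstdint>
#include <map>
#include <string>
#include <utility>

struct SecInfo {                 // stand-in for the parent's original securityInfo
    std::string host;
    bool certVerified;
};

struct SecInfoHandle {           // what crosses the process boundary
    std::uint64_t id;            // opaque reference, meaningful only to the parent
    std::string serializedCopy;  // read-only copy for the child; never parsed back
};

class ParentRegistry {
    // Keyed by (child id, handle id) so a child cannot name another child's object.
    using Key = std::pair<int, std::uint64_t>;
    std::map<Key, SecInfo> live_;
    std::uint64_t next_ = 1;
public:
    SecInfoHandle Send(int childId, const SecInfo& info) {
        std::uint64_t id = next_++;
        live_.emplace(Key(childId, id), info);
        std::string copy = info.host + (info.certVerified ? "|verified" : "|unverified");
        return SecInfoHandle{id, copy};
    }
    // Reference path: resolve to the parent's own object, or nullptr if unknown.
    const SecInfo* Resolve(int childId, std::uint64_t id) const {
        auto it = live_.find(Key(childId, id));
        return it == live_.end() ? nullptr : &it->second;
    }
    void Release(int childId, std::uint64_t id) { live_.erase(Key(childId, id)); }
};

// Serialization path: the parent rebuilds state from bytes the child sent back.
SecInfo DeserializeFromChild(const std::string& bytes) {
    std::string::size_type bar = bytes.find('|');
    return SecInfo{bytes.substr(0, bar), bytes.substr(bar + 1) == "verified"};
}
```
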
Assignee: nobody → jduell.mcbugs
Does this bug really need to be hidden?
IMO, no.
Group: core-security
Changing security rating to reflect the fact this is not an issue with current security features, it's a future request.
Keywords: sec-moderate → sec-low
Keywords: sec-low → sec-want
Whiteboard: [psm-backlog]
Priority: -- → P3
Assignee: jduell.mcbugs → nobody

It doesn't look like we're going to do this.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX