Closed Bug 86799 Opened 24 years ago Closed 24 years ago

make it easier to block a property for a class and its descendants

Categories

(Core :: Security: CAPS, defect, P2)

Product:
Core
Component:
Security: CAPS
Platform:
x86
Windows NT
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.4

People

(Reporter: jruderman, Assigned: security-bugs)

References

Details

Attachments

(3 files)

Patch - wildcard support & pref changes for mail
21.50 KB, patch
Details | Diff | Splinter Review
Changed functions in nsscriptsecuritymanager (easier to read than the patch)
11.83 KB, text/plain
Details
Patch with reviewers' suggestions
24.80 KB, patch
Details | Diff | Splinter Review
There should be a way to block access to a property of a class and all of the classes that inherit from that class. This would make it much easier to fix: bug 66938 block access to the innerHTML property of each inheritor of HTMLElement for mail bug 84545 block access to the baseURI property of each inheritor of Node for mail Here's what I tried: user_pref("capability.policy.default.HTMLElement.innerHTML", "noAccess"); user_pref("capability.policy.default.HTMLAnchorElement.innerHTML", "noAccess"); I couldn't access the innerHTML of a link, but I was still able to access the innerHTML of an HTMLTableElement. If I use the same pref in 0.9 (before XPCDOM), but with htmlelement.innerhtml instead of HTMLElement.innerHTML (because of the syntax changes that came with XPCDOM), it does successfully block access to the innerHTML of all HTML elements. I talked to jst and he said that because of the way XPConnect handles inheritance, it's going to be hard to make this feature work with XPCDOM.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.0
Target is now 0.9.4, Priority P2.
Priority: -- → P2
Target Milestone: mozilla1.0 → mozilla0.9.4
I have a patch which allows for wildcard policies of the form "capability.policy.groupname.*.propertyname". This will allow us to block the innerHTML property of all classes, for example. This will allow us to fix various security-related problems in mailnews.
Blocks: 84545
Keywords: nsbranch
I sat down with mstoltz and looked at this and with a few minor modifications, mostly stylistic, which he made in hes tree, sr=jst
Replace copy intialization with direct intialization. Other than that r=harishd
a=asa on behalf of drivers. mitch, can you make sure that this is well tested in the resulting builds. they are large changes and we'd like to see them land. thanks.
Fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
This checkin broke the irix, aix & hpux tinderboxes. Apparently, they don't like casting from a void * to a int16. You may need to do an explicit cast using the NS_PTR_TO_INT32 macro recently added to nscore.h to get around the bustage. <Insert std disclaimer regarding assuming void * are 32bits. We need to support 64bit builds as well.>
I checked in a fix like cls suggested to try to fix this bustage.
Marking verified as per above developer comments.
Status: RESOLVED → VERIFIED
URL: http://http://
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: