Closed Bug 947784 Opened 11 years ago Closed 10 years ago

Move "mobilenetwork" permission check to parent and create a sandbox safe implementation

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 952371

People

(Reporter: pauljt, Assigned: jessica)

References

Details

+++ This bug was initially created as a clone of Bug #866272 +++

The solution developed in bug 866272 relies on permissions checks performed solely in the child, and also provides this feature by storing private data inside preferences. In a compromised child situation, where malicious content has the ability to execute chrome privileged script (or any arbitrary code exec), the permission check offers no security as the child can read the data directly out of preferences.

This issue is relatively low risk since as the attack scenario requires an additional exploit but it would be good to fix this as we harden IPC mechanisms as part of sandboxing.
Ken, can you find an owner for this from your team?
Flags: needinfo?(kchang)
Jessica, please take this bug. Thanks.
Assignee: nobody → jjong
Flags: needinfo?(kchang)
See Also: → 952371
Hi Paul,

In bug 952371, we changed to use IPC messages instead of preferences to query last known networks, and the permission check is now done on parent side. Do you think that fulfills the security requirements in this bug?

Thank you.
Flags: needinfo?(ptheriault)
Hi Jessica, yes that looks fine to me, thanks! Resolved as a dupe so we know where it was fixed.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → DUPLICATE
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.