Open Bug 357195 Opened 18 years ago Updated 2 years ago

Back out bug 168136, chrome/resource scheme access to file:

Categories

(Core :: Security: CAPS, defect)

x86
Windows XP
defect

People

(Reporter: dveditz, Assigned: dveditz)

Details

Bug 168136 added special permission for chrome and resource URIs to access file: URIs to make the mail filter viewer dialog work. At the time, CheckLoadURI made no distinction between privileged sources and not, so it was necessary. Now, however, CheckLoadURIWithPrincipal() grants access if the source principal is the system principal, so for the dialog case this permission should no longer be necessary.

Unprivileged chrome resources (should there be any) shouldn't be able to do things other unprivileged content can't; that's why we made it unprivileged.

There's a slightly stronger case to be made for resource:, that they're really just files. In the Mozilla view of things, resource refers to its own little sandbox and shouldn't be reaching outside, but there's a possibility that some embedding app has used this property of resource: files. We may want to remove the chrome permission and leave the resource permission.
I second the motion! Do we want to do this on branches too, or just on trunk? If the latter, then before or after bug 120373 lands? If we do want it on branches, we should do this before bug 120373 so we don't have to write two separate patches.
Severity: normal → S3