Ari Heitner wrote:
>
> [please cc: me on replies, I'm unsubscribed pending fixing my mail setup for
> the summer]
>
> John[/others]--
>
> Way back in January we talked about security with XPConnect, if you want to do
> something less silly than enabling UniversalXPConnect. After a lot of mucking
> around, Sash has finally got its beautiful new runtime architecture, and I'm
> getting around to fixing the security situation.
>
> Basically I want to allow full xpconnect-happiness for our objects, and for
> nothing else. In fact, if I could disable UniversalXPConnect (so that it
> doesn't even work if the user says "yes", it just denies) I would do that.
>
> You mentioned two things: nsISecurityCheckedComponent, and
> nsIXPCSecurityManager. It looks to me like the only existing implementation of
> nsIXPCSecurityManager is caps/src/nsScriptSecurityManager, which is no
> lightweight. Which makes me think the simple thing to do is to make all our
> objects SecurityCheckedComponents, and have them just allow AllAccess on
> everything.
>
> I actually gave this a shot, but it didn't work -- I saw the calls to
> nsISecCheckComp go by, but xpconnect stopped working, whether or not I had
> UniversalXPConnect on. Should this be working (i.e. was I doing something
> wrong)?
I dunno. nsISecurityCheckedComponent is used and works in the
browser. You're not very specific in saying how it didn't work
for you.
>
> Or is there a strong reason to implement an XPCSecurityManager?
The caps system does a lot of stuff that you may not want at all
in your embedding. Most of the caps code is to deal with DOM
specific junk and use JS code tagging and JS stack walking
schemes to decide which JS code from what codebase is running and
allow or disallow its calls to whatever it is trying to call.
The xpconnect standalone build allows you to completely ignore
the caps system. The nsIXPCSecurityManager interface is xpconnect
specific and is pretty small. If all you want to do is have a
list of which interfaces are callable and disallow access to all
other interfaces then you should be able to do this quite simply
with your own implementation of nsIXPCSecurityManager.
John.
>
> thanks.
>
> Ari Heitner
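As an added illustration of the approach John describes (a small, xpconnect-specific policy with an interface allowlist and default deny), here is a standalone C++ sketch. It is not code from this thread and not Mozilla's code: the nsID field layout follows XPCOM's, but the hook names CanCreateWrapper, CanCreateInstance, CanGetService and CanAccess only name the decisions nsIXPCSecurityManager makes, their real signatures differ, and every IID string below is constructed for the demo. It also shows the point Ari raised: the user's UniversalXPConnect "yes" is accepted as an input and deliberately never widens access.

```cpp
// Added example (not from the thread, not Mozilla code): a default-deny
// XPConnect access policy keyed by interface/class ID.
// ASSUMPTIONS: nsID layout mirrors XPCOM's; hook names are illustrative and
// do not reproduce the real nsIXPCSecurityManager signatures; IIDs are made up.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Same field layout as XPCOM's nsID: 32-bit, 16-bit, 16-bit, 8 bytes.
struct nsID {
    uint32_t m0; uint16_t m1; uint16_t m2; uint8_t m3[8];
    bool Equals(const nsID& o) const {
        if (m0 != o.m0 || m1 != o.m1 || m2 != o.m2) return false;
        for (int i = 0; i < 8; ++i) if (m3[i] != o.m3[i]) return false;
        return true;
    }
};

// Parse the "{8-4-4-4-12}" textual ID form; returns false on malformed input.
bool ParseID(const char* text, nsID& out) {
    unsigned a, b, c, d[8];
    int n = std::sscanf(text, "{%8x-%4x-%4x-%2x%2x-%2x%2x%2x%2x%2x%2x}",
                        &a, &b, &c, &d[0], &d[1], &d[2], &d[3],
                        &d[4], &d[5], &d[6], &d[7]);
    if (n != 11) return false;
    out.m0 = a; out.m1 = (uint16_t)b; out.m2 = (uint16_t)c;
    for (int i = 0; i < 8; ++i) out.m3[i] = (uint8_t)d[i];
    return true;
}

class AllowlistSecurityManager {
    std::vector<nsID> allowed_;   // IDs the embedding chooses to expose to JS
    bool IsAllowed(const nsID& id) const {
        for (const nsID& a : allowed_) if (a.Equals(id)) return true;
        return false;             // default deny: not listed means refused
    }
public:
    bool AddAllowed(const char* idText) {
        nsID id;
        if (!ParseID(idText, id)) return false;   // reject, don't silently allow
        allowed_.push_back(id);
        return true;
    }
    // Wrapping a native object for script: only listed interfaces get wrappers.
    bool CanCreateWrapper(const nsID& iid) const { return IsAllowed(iid); }
    // createInstance / getService from script: only listed class IDs.
    // (A real embedding would keep IIDs and CIDs in separate lists.)
    bool CanCreateInstance(const nsID& cid) const { return IsAllowed(cid); }
    bool CanGetService(const nsID& cid) const { return IsAllowed(cid); }
    // Member access on a wrapped object. The user's UniversalXPConnect grant
    // is an input here only so the policy can visibly ignore it.
    bool CanAccess(const nsID& iid, const std::string& member,
                   bool userGrantedUniversalXPConnect) const {
        (void)member;                          // this policy is per-interface
        (void)userGrantedUniversalXPConnect;   // "yes" never widens access
        return IsAllowed(iid);
    }
};

// Constructed IDs for the demo (not real Mozilla or Sash IDs).
static const char* kEmbeddingObjectIID = "{12345678-0000-4000-8000-000000000001}";
static const char* kSomeOtherIID       = "{12345678-0000-4000-8000-000000000002}";

AllowlistSecurityManager MakeDemoPolicy() {
    AllowlistSecurityManager sm;
    sm.AddAllowed(kEmbeddingObjectIID);
    return sm;
}

bool DemoListedInterfaceIsCallable() {
    nsID id; ParseID(kEmbeddingObjectIID, id);
    AllowlistSecurityManager sm = MakeDemoPolicy();
    return sm.CanCreateWrapper(id) && sm.CanAccess(id, "doThing", false);
}

bool DemoUnlistedInterfaceIsDenied() {
    nsID id; ParseID(kSomeOtherIID, id);
    AllowlistSecurityManager sm = MakeDemoPolicy();
    return !sm.CanCreateWrapper(id) && !sm.CanCreateInstance(id) && !sm.CanGetService(id);
}

bool DemoUniversalXPConnectGrantIsIgnored() {
    nsID id; ParseID(kSomeOtherIID, id);
    return !MakeDemoPolicy().CanAccess(id, "anything", /*userGranted=*/true);
}

bool DemoMalformedIDIsRejected() {
    nsID id;
    return !ParseID("not-an-iid", id) && !AllowlistSecurityManager().AddAllowed("{bad}");
}
```

The shape that matters is the default: every hook answers "no" unless the ID is on the list the embedding built, and nothing script-side (including a user-granted privilege) can add to that list.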