RFC: Patch to bypass permission check for [System] source

Lillian Angel langel at redhat.com
Thu Apr 30 13:09:05 PDT 2009

Deepak Bhole wrote:
> I discovered an issue when investigating:
> https://bugzilla.redhat.com/show_bug.cgi?id=484387
> When checking for permissions during execution, source file:// has special
> privilege. However, there is another source that needs this bypass - the
> [System] source which implies code coming from a Mozilla extension.
> Attached patch adds the bypass. Patch also makes it so that .equals is
> used (as it should be) instead of == when comparing.
> ChangeLog:
> 2009-04-30 Deepak Bhole <dbhole at redhat.com>
>     * plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: Forgo
>     permission check if JS source is [System] (i.e. Mozilla extension/chrome).

I approve. I actually noticed this today when I was poking around.


More information about the distro-pkg-dev mailing list