RFC: Patch to bypass permission check for [System] source

Lillian Angel langel at redhat.com
Thu Apr 30 13:09:05 PDT 2009


Deepak Bhole wrote:
> I discovered an issue when investigating:
> https://bugzilla.redhat.com/show_bug.cgi?id=484387
>
> When checking for permissions during execution, source file:// has special
> privilege. However, there is another source that needs this bypass - the
> [System] source which implies code coming from a Mozilla extension.
> Attached patch adds the bypass. Patch also makes it so that .equals is
> used (as it should be) instead of == when comparing.
>
> ChangeLog:
> 2009-04-30 Deepak Bhole <dbhole at redhat.com>
>
>     * plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: Forgo
>     permission check if JS source is [System] (i.e. Mozilla extension/chrome).

I approve. I actually noticed this today when I was poking around.


Cheers,
Lillian


