RFC: Patch to bypass permission check for [System] source
Deepak Bhole
dbhole at redhat.com
Thu Apr 30 13:32:26 PDT 2009
* Lillian Angel <langel at redhat.com> [2009-04-30 16:09]:
> Deepak Bhole wrote:
>> I discovered an issue when investigating:
>> https://bugzilla.redhat.com/show_bug.cgi?id=484387
>>
>> When checking for permissions during execution, source file:// has special
>> privilege. However, there is another source that needs this bypass - the
>> [System] source which implies code coming from a Mozilla extension.
>> Attached patch adds the bypass. Patch also makes it so that .equals is
>> used (as it should be) instead of == when comparing.
>>
>> ChangeLog:
>> 2009-04-30 Deepak Bhole <dbhole at redhat.com>
>>
>> * plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: Forgo
>> permission check if JS source is [System] (i.e. Mozilla extension/chrome).
>
> I approve. I actually noticed this today when I was poking around.
>
Great thanks! Committed.
Cheers,
Deepak
More information about the distro-pkg-dev
mailing list