Chris LeBlanc wrote:
Michael Lefevre wrote:
Firebird (and Mozilla) communicate with the PSM (the module that handles encryption and such like) by using network ports in this way.
My understanding is that this allows the PSM module to be used by other things than just Mozilla/Firebird. If PSM was coded into Mozilla/Firebird, then it would have to be coded into Mozilla Mail/Thunderbird separately. Also, every security instance would require a launching of the PSM code for that individual process. By having it launch as a process listening to a local port, then any instance of Firebird and Thunderbird can talk to that same process.
The only problem is that the developers reported some time ago that each instance of Mozilla/Firebird has its own PSM, which opens the PSM data file separately, which is a problem when you run them concurrently, and there seemed to be no way to centralize the access to PSM inside only one process.
So there seems to be a contradiction here ...
Or maybe not. The first version of PSM, the one that was pluggable on Netscape 4.7, used such interapp communication. Maybe the opening of the network ports stays from this period, even if the functionality is not used at all.
This loopback connection port has nothing to do with PSM. It is also not a security concern. The "listening" socket does not accept connections, and even if it did, it is only bound to the loopback device. The other loopback socket is connected to the "listening" socket. The "listening" socket cannot be seen from the internet.
The mozilla networking code (necko) creates this loopback socket pair to be used in a loop that blocks on select. By writing a byte to this socket, we can unblock the select call and cause some work to be done. This is all part of the inner implementation details of necko. I'm positive that there is no security threat here.
Personal firewalls unfortunately complain about this loopback socket pair, and still other personal firewalls prevent it from being created. In such cases, necko falls back to periodically calling select.
It is a shame that Windows doesn't support selecting on an anonymous pipe. That's what we use on other platforms. As a result, you should not see this loopback socket appear in netstat on any other platform.
The alternative for necko would be to set up a WIN32 event loop and use WINSOCK asynchronous socket I/O, but our current approach has the advantage of being nearly cross-platform. At least the code in necko is entirely cross-platform.
Darin
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
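The select wakeup technique described in the last message, sketched as an added example (not necko's code and not part of the original thread): a connected TCP pair bound only to 127.0.0.1 stands in for a pipe, and writing one byte unblocks `select`. The function names are hypothetical, and closing the listener after the pair is connected is an assumption of this sketch, as is the peer-address check.

```python
import select
import socket
import threading
import time

def make_wakeup_pair():
    """Build a connected TCP pair over loopback, as a stand-in for a pipe."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # loopback only, ephemeral port
    listener.listen(1)
    writer = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    writer.connect(listener.getsockname())
    reader, peer = listener.accept()
    listener.close()                      # assumption: no further connections wanted
    # Reject the pair if anything other than our own writer got in first.
    if peer != writer.getsockname():
        reader.close()
        writer.close()
        raise RuntimeError("unexpected peer on wakeup socket")
    reader.setblocking(False)
    return reader, writer

def wait_for_work(reader, timeout):
    """Block in select(); return True only if woken by a wakeup byte."""
    ready, _, _ = select.select([reader], [], [], timeout)
    if not ready:
        return False                      # timed out: the periodic-polling path
    reader.recv(64)                       # drain the wakeup byte(s)
    return True

def demo():
    reader, writer = make_wakeup_pair()
    bound_to = reader.getsockname()[0]    # address netstat would show
    idle = wait_for_work(reader, 0.05)    # nothing written yet, so this times out
    # Another thread signals "there is work" by writing a single byte.
    threading.Timer(0.05, writer.send, args=(b"\x00",)).start()
    start = time.monotonic()
    woken = wait_for_work(reader, 5.0)    # returns long before the 5 s timeout
    elapsed = time.monotonic() - start
    reader.close()
    writer.close()
    return bound_to, idle, woken, elapsed

if __name__ == "__main__":
    print(demo())
```

The `False` return from `wait_for_work` corresponds to the fallback mentioned in the thread, where the loop wakes on a timer because no wakeup socket is available.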
