I'd like to eliminate the nsIScriptSecurityManager::CheckSameOriginPrincipal in
favor of nsIPrincipal::Subsumes and nsIPrincipal::Equals. Usually we want a
Subsumes() check where we currently do CheckSameOriginPrincipal.
As things stand, nsPrincipal::Equals() already calls CheckSameOriginPrincipal()
in all but one case.
That one case is when you're dealing with certificate principals. Right now we
treat them as equal if they have the same fingerprint and subject name. Which
means that if you sign jars with the same certificate and put them up on
different hosts we'll treat the principals as being equal. That seems wrong to
me, frankly. I've filed bug 369201 on that.
Just as wrong are the current uses of CheckSameOriginPrincipal() when one of the
principals might be a certificate principal, since we'll just look at the URIs
in those cases...
So I'd like to propose that nsPrincipal::Equals compare the certificates, and if
those are equal call CheckSameOriginPrincipal() (which will still be around, but
private to the CAPS module). And we switch callers that really care about
equality to Equals() while the ones that care about the asymmetric "subsumes"
relationship use Subsumes().
Thoughts?
-Boris
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
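To make the two comparisons in the proposal concrete, here is an added C++ sketch (not Mozilla's code) that models a principal with an origin and an optional signing certificate, and implements the current and proposed Equals() side by side; the Subsumes() rule for a system principal is an assumption, since the post only says the relation is asymmetric.

```cpp
#include <string>
#include <tuple>

// Constructed model of nsIPrincipal for this example (not Mozilla's code).
struct Principal {
    std::string scheme, host;   // origin components compared by the URI check
    int port;
    bool hasCert;               // true for certificate (signed-jar) principals
    std::string fingerprint;    // certificate fingerprint, if hasCert
    std::string subjectName;    // certificate subject name, if hasCert
    bool isSystem;              // assumption: the system principal subsumes all
};

// Stand-in for CheckSameOriginPrincipal(): compares only the URIs.
static bool sameOriginURI(const Principal& a, const Principal& b) {
    return std::tie(a.scheme, a.host, a.port) == std::tie(b.scheme, b.host, b.port);
}

// Certificates match when neither side has one, or both have the same
// fingerprint and subject name.
static bool sameCertificate(const Principal& a, const Principal& b) {
    if (!a.hasCert && !b.hasCert) return true;
    if (a.hasCert != b.hasCert) return false;
    return a.fingerprint == b.fingerprint && a.subjectName == b.subjectName;
}

// Behaviour the post describes as current: two certificate principals compare
// by certificate alone; every other case falls through to the URI check.
bool equalsCurrent(const Principal& a, const Principal& b) {
    if (a.hasCert && b.hasCert)
        return a.fingerprint == b.fingerprint && a.subjectName == b.subjectName;
    return sameOriginURI(a, b);
}

// Proposed Equals(): certificates must agree, and only then is the origin compared.
bool equalsProposed(const Principal& a, const Principal& b) {
    return sameCertificate(a, b) && sameOriginURI(a, b);
}

// Proposed asymmetric Subsumes() (assumption): a system principal subsumes any
// principal, and any principal subsumes one it is Equals() to.
bool subsumesProposed(const Principal& a, const Principal& b) {
    return a.isSystem || equalsProposed(a, b);
}

// Constructed samples: two jars signed with one certificate on different hosts,
// an unsigned page on the first host, and the system principal.
const Principal kJarA{"https", "a.example", 443, true, "AA:BB", "CN=Signer", false};
const Principal kJarB{"https", "b.example", 443, true, "AA:BB", "CN=Signer", false};
const Principal kPlainA{"https", "a.example", 443, false, "", "", false};
const Principal kSystem{"", "", 0, false, "", "", true};
```

With these samples, equalsCurrent() reports the two differently hosted jars as equal and also equates the signed jar with the unsigned page on the same host, while equalsProposed() rejects both.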