Closed Bug 8612 Opened 26 years ago Closed 26 years ago

[FEATURE]write out the prefs file with #

Categories

(Core :: Preferences: Backend, defect, P3)

All
Windows NT
defect

VERIFIED FIXED

People

(Reporter: norrisboyd, Assigned: neeti)

Norris,

This sounds like 3 bugs:

   1. A bug against John McMullen to do the special processing required to ignore the leading #
   2. A bug against Don Bragg to prepend the # to the prefs file during migration
   3. Another bug against John McMullen to write out the prefs file with the prepended #

These seem like simple changes, but it'd help a lot to have the bugs exist and
list each other as dependents.

Steve

Norris Boyd wrote:

  Any chance that when a 4.x pref is converted to a 5.x pref that the prefs file could be made not executable by a normal JS load? For example, having the first line start with # rather than // would work as long as the first line was skipped before evaluating the code.

  Why do this? We've had a few attacks in the past that have defined a custom user_pref function and then managed to load the prefs.js file. That then gives the attacker access to a bunch of private data, potentially including a password that could be subject to password guessing attacks on the machine of the attacker.

  --Norris

--
Steve Elmer                 (650) 937-2522
Manager CCK Development     selmer@netscape.com
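
Added example, not part of the original bug comments and not Mozilla's code: a JavaScript sketch of the change requested above, showing that a prefs file whose first line starts with # no longer parses as an ordinary script, while a reader that skips that line still recovers the values. The function names, first-line text and sample prefs are constructed for illustration, and the reader here matches entries with a regex rather than evaluating them.

```javascript
// Constructed sample preferences (not real profile data).
const SAMPLE = {
  'mail.identity.useremail': 'user@example.test',
  'network.proxy.type': 1,
};

// Serialize prefs as user_pref(...) lines under the given first line.
function writePrefs(prefs, firstLine) {
  const body = Object.entries(prefs).map(
    ([k, v]) => `user_pref(${JSON.stringify(k)}, ${JSON.stringify(v)});`);
  return [firstLine, ...body].join('\n') + '\n';
}

// Models an ordinary JS load where the loading code supplies its own
// user_pref. Reports whether the file parsed and what that function saw.
function loadAsPlainScript(source) {
  const seen = {};
  try {
    new Function('user_pref', source)((k, v) => { seen[k] = v; });
    return { parsed: true, seen };
  } catch (e) {
    if (!(e instanceof SyntaxError)) throw e;
    return { parsed: false, seen };
  }
}

// Prefs reader: ignore a leading '#' line, then read the entries.
// Entries are matched and JSON-parsed here instead of being evaluated.
function readPrefs(source) {
  const lines = source.split('\n');
  if (lines[0].startsWith('#')) lines.shift();
  const prefs = {};
  const entry = /^user_pref\("([^"]+)",\s*(.+)\);$/;
  for (const line of lines) {
    const m = entry.exec(line);
    if (m) prefs[m[1]] = JSON.parse(m[2]);
  }
  return prefs;
}

const oldStyle = writePrefs(SAMPLE, '// User Preferences');  // 4.x-style first line
const hashStyle = writePrefs(SAMPLE, '# User Preferences');  // first line per this bug
console.log(loadAsPlainScript(oldStyle));   // parses; caller's user_pref sees every value
console.log(loadAsPlainScript(hashStyle));  // SyntaxError before any call runs
console.log(readPrefs(hashStyle));          // reader still recovers the prefs
```
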
Depends on: 8610
Blocks: 7252
Assignee: don → chofmann
Chris, we need an owner for these libpref bugs ...
Assignee: chofmann → dp
dp's group?
Assignee: dp → neeti
Status: NEW → ASSIGNED
Target Milestone: M10
Summary: write out the prefs file with # → [FEATURE]write out the prefs file with #
Blocks: 11408
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Checked in a fix.
Status: RESOLVED → VERIFIED
verified
Moving all libPref component bugs to new Preferences: Backend component. libPref component will be deleted.
Component: libPref → Preferences: Backend