Closed
Bug 8612
Opened 26 years ago
Closed 26 years ago
[FEATURE]write out the prefs file with #
Categories
(Core :: Preferences: Backend, defect, P3)
Tracking
()
VERIFIED
FIXED
M10
People
(Reporter: norrisboyd, Assigned: neeti)
References
Details
Norris, This sounds like 3 bugs: 1.A bug against John McMullen to do the special processing required to ignore the leading # 2.A bug against Don Bragg to prepend the # to the prefs file during migration 3.Another bug against John McMullen to write out the prefs file with the prepended # These seem like simple changes, but it'd help a lot to have the bugs exist and list each other as dependents. Steve Norris Boyd wrote: Any chance that when a 4.x pref is converted to a 5.x pref that the prefs file could be made not executable by a normal JS load? For example, having the first line start with # rather than // would work as long as the first line was skipped before evaluating the code. Why do this? We've had a few attacks in the past that have defined a custom user_pref function and then managed to load the prefs.js file. That then gives the attacker access to a bunch of private data, potentially including a password that could be subject to password guessing attacks on the machine of the attacker. --Norris -- Steve Elmer (650) 937-2522 Manager CCK Development selmer@netscape.com
Comment 1•26 years ago
|
||
Bulk reassigning mcmullen@netscape.com bugs to don@netscape.com.
Updated•26 years ago
|
Assignee: chofmann → dp
Comment 3•26 years ago
|
||
dp's group?
Updated•26 years ago
|
Assignee: dp → neeti
Summary: write out the prefs file with # → [FEATURE]write out the prefs file with #
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Updated•26 years ago
|
Status: RESOLVED → VERIFIED
Comment 5•26 years ago
|
||
verified
Moving all libPref component bugs to new Preferences: Backend component. libPref component will be deleted.
Component: libPref → Preferences: Backend
You need to log in
before you can comment on or make changes to this bug.
Description
•