Bug 447579. Be a little more careful about inheriting principals for file URIs. r=dveditz, sr=jst
authorBoris Zbarsky <bzbarsky@mit.edu>
Thu, 28 Aug 2008 09:16:21 -0400
changeset 18504 0e630c354e2ba3c207ebabdcf403f943917449a7
parent 18503 336c686c17aa4b6f9313e6419f59c511c043cadb
child 18505 0b1b33454193d58cc557cd6d04fc8d0a1d03bc7d
reviewersdveditz, jst
bugs447579
milestone1.9.1a2pre
Bug 447579. Be a little more careful about inheriting principals for file URIs. r=dveditz, sr=jst
docshell/base/nsDocShell.cpp
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -7471,17 +7471,27 @@ nsDocShell::DoURILoad(nsIURI * aURI,
     // If this is a file: load opened from another file: then it may need
     // to inherit the owner from the referrer so they can script each other.
     // If we don't set the owner explicitly then each file: gets an owner
     // based on its own codebase later.
     //
     nsCOMPtr<nsIPrincipal> ownerPrincipal(do_QueryInterface(aOwner));
     if (URIIsLocalFile(aURI) && ownerPrincipal &&
         NS_SUCCEEDED(ownerPrincipal->CheckMayLoad(aURI, PR_FALSE))) {
-        channel->SetOwner(aOwner);
+        // One more check here.  CheckMayLoad will always return true for the
+        // system principal, but we do NOT want to inherit in that case.
+        PRBool isSystem;
+        nsCOMPtr<nsIScriptSecurityManager> secMan =
+            do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+        if (secMan &&
+            NS_SUCCEEDED(secMan->IsSystemPrincipal(ownerPrincipal,
+                                                   &isSystem)) &&
+            !isSystem) {
+            channel->SetOwner(aOwner);
+        }
     }
 
     nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
     if (scriptChannel) {
         // Allow execution against our context if the principals match
         scriptChannel->
             SetExecutionPolicy(nsIScriptChannel::EXECUTE_NORMAL);
     }
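Review bot: The comment added above `PRBool isSystem;` says the system principal must not be inherited, but it gives no reason and does not say what happens when the check itself fails. As written, a null `secMan` or a failing `IsSystemPrincipal` call skips `SetOwner`, so the file: load gets a principal from its own codebase; that looks like the intended fail-closed behaviour and is worth stating. I would extend the comment with something like `// Inheriting the system principal would presumably give the loaded file: document chrome privileges.` and `// If the security manager is unavailable or the check fails, do not inherit.` Separately, `isSystem` is only read after `NS_SUCCEEDED(...)` because of short-circuiting, but declaring it as `PRBool isSystem = PR_TRUE;` would keep the safe default if the condition is ever reordered. The body of `nsDocShell::DoURILoad` starts and ends outside this hunk, so how `aOwner` is derived by callers is not visible here.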