Opened 8 years ago

Closed 8 years ago

#2951 closed defect (fixed)

Review permissions manager and certdb source

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: MikePerryIteration20110501
Cc: lunar@… Actual Points: 2
Parent ID: #2877 Points: 1
Reviewer: Sponsor:

Description

In order to estimate time for #2949 and #2950, we need to review the source code of the relevant components to see how hard it is to make them exist only in memory. I think it is simple for the permissions manager, but unknown for the intermediate cert store.

Change History (7)

comment:1 Changed 8 years ago by mikeperry

Component: Tor bundles/installation → Tor Browser
Status: new → accepted

comment:2 Changed 8 years ago by mikeperry

Keywords: MikePerryIteration20110501 added
Points: 2 → 1
Priority: normal → major

comment:3 Changed 8 years ago by lunar

Cc: lunar@… added

comment:4 Changed 8 years ago by mikeperry

Looks like the intermediate cert store is in cert8.db, which appears to be opened by https://mxr.mozilla.org/mozilla2.0/source/security/nss/lib/softoken/legacydb/lginit.c#360

However, I'm not sure how the NSS initialization boils down to this yet. It looks like we may be able to control the use of the db file via a parameter in nss_init, but I am not seeing the connection just yet:
https://mxr.mozilla.org/mozilla2.0/source/security/nss/lib/nss/nssinit.c#525

comment:5 Changed 8 years ago by mikeperry

NSS_INIT_NOCERTDB seems to be the flag we want, and the NSS init appears to be called from nsNSSComponent::InitializeNSS(). It looks like we must hardcode this flag ourselves. But it also looks like a one-line patch for us (though adding an about:config option might make it a few lines).

Still need to look at the permissions manager.

comment:6 Changed 8 years ago by mikeperry

Damn is the nss code a mess. I have no idea if NOCERTDB will create an in-memory version only, or if firefox will just explode upon attempts to use a non-existent certdb when compiled with this flag... We're just going to have to test it and find out, I guess.

comment:7 Changed 8 years ago by mikeperry

Actual Points: 2
Resolution: fixed
Status: accepted → closed

For the permissions manager, it lives in extensions/cookie/nsPermissionManager.cpp. The code that creates the database is in nsPermissionManager::InitDB().

It looks like we can hack it to be a memory only db according to: https://developer.mozilla.org/en/XPCOM_Interface_Reference/mozIStorageService#openSpecialDatabase%28%29
