Opened 8 years ago

Closed 8 years ago

#2951 closed defect (fixed)

Review permissions manager and certdb source

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: MikePerryIteration20110501
Cc: lunar@… Actual Points: 2
Parent ID: #2877 Points: 1
Reviewer: Sponsor:


In order to estimate time for #2949 and #2950, we need to review the source code of the relevant components to see how hard it is to make them exist only in memory. I think it is simple for the permissions manager, but unknown for the intermediate cert store.

Child Tickets

Change History (7)

comment:1 Changed 8 years ago by mikeperry

Component: Tor bundles/installationTor Browser
Status: newaccepted

comment:2 Changed 8 years ago by mikeperry

Keywords: MikePerryIteration20110501 added
Points: 21
Priority: normalmajor

comment:3 Changed 8 years ago by lunar

Cc: lunar@… added

comment:4 Changed 8 years ago by mikeperry

Looks like the intermediate cert store is in cert8.db, which appears to be opened by

However, I'm not sure how the NSS initialization boils down to this yet. It looks like we may be able to control the use of the db file via a parameter in nss_init, but I am not seeing the connection just yet:

comment:5 Changed 8 years ago by mikeperry

NSS_INIT_NOCERTDB seems to be the flag we want, and the NSS init appears to be called from nsNSSComponent::InitializeNSS(). It looks like we must hardcode this flag ourselves. But it also looks like a one-line patch for us (though adding an about:config option might make it a few lines).

Still need to look at the permissions manager.

comment:6 Changed 8 years ago by mikeperry

Damn is the nss code a mess. I have no idea if NOCERTDB will create an in-memory version only, or if firefox will just explode upon attempts to use a non-existent certdb when compiled with this flag... We're just going to have to test it and find out, I guess.

comment:7 Changed 8 years ago by mikeperry

Actual Points: 2
Resolution: fixed
Status: acceptedclosed

For the permissions manager, it lives in extensions/cookie/nsPermissionManager.cpp. THe code that creates the database is in nsPermissionManager::InitDB().

It looks like we can hack it to be a memory only db according to:

Note: See TracTickets for help on using tickets.