Bug 1052096 - Move CPOW targets into the privileged/unprivileged junk scope of the child/parent. r=billm

2014-09-12 17:41:18 -07:00
parent 74b006bbae
commit 0432f88162
6 changed files with 17 additions and 30 deletions
--- a/js/ipc/JavaScriptParent.cpp
+++ b/js/ipc/JavaScriptParent.cpp
@@ -64,8 +64,12 @@ JavaScriptParent::trace(JSTracer *trc)
 }

 JSObject *
-JavaScriptParent::defaultScope()
+JavaScriptParent::scopeForTargetObjects()
 {
+    // CPWOWs from the child need to point into the parent's unprivileged junk
+    // scope so that a compromised child cannot compromise the parent. In
+    // practice, this means that a child process can only (a) hold parent
+    // objects alive and (b) invoke them if they are callable.
    return xpc::UnprivilegedJunkScope();
 }