65770 – It is dangerous to share NSS configuration and data with other application

Issue 65770 - It is dangerous to share NSS configuration and data with other application

Summary: It is dangerous to share NSS configuration and data with other application

Status:	CLOSED DUPLICATE of issue 63114

Alias:	None

Product:	xml
Classification:	Code
Component:	code (show other issues)
Version:	OOo 2.0.2
Hardware:	PC Linux, all

Importance:	P3 Trivial (vote)
Target Milestone:	---
Assignee:	joachim.lingner
QA Contact:	issues@xml

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-05-25 12:45 UTC by pmladek
Modified:	2006-06-07 15:38 UTC (History)
CC List:	2 users (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description pmladek 2006-05-25 12:45:05 UTC

OOo seems to share NSS configuration and data with mozilla. It is not safe
because  the NSS stuff does not support the file locking or a transaction
method. The current situation would cause data loss when two application access
the same files (key3.db, cert8.db, ...)

OOo should provide its own configuration and store the data in extra forder.

Comment 1 Mathias_Bauer 2006-06-07 14:56:27 UTC

Malte, can you comment on this?

Comment 2 malte_timmermann 2006-06-07 15:11:24 UTC

IMHO shouldn't be a problem, because we don't write to NSS  config...

Comment 3 wrosenauer 2006-06-07 15:21:59 UTC

OK, I'll try to speak for NSS (while I'm not a core developer there).
So you don't get data corruption if you just read from the NSS database but there
is still the issue that you share your NSS configuration (such as trusted root
CA certificates) with another application (as it seems .thunderbird or whatelse
you use if available). That's not intended since noone would expect to manage
certificates e.g. in Thunderbird to be effective in OOo.
That sounds a little bit strange to me.

Comment 4 malte_timmermann 2006-06-07 15:27:41 UTC

We plan to force the user to choose which mozilla profile to use, instead of
silently searching one.

Then everything should be OK.

For sure we do not plan to implement our own certificate management, bad enough
that there is no personal global key store on Linux/Solaris, like on Windows...

JL is working on this...

Comment 5 joachim.lingner 2006-06-07 15:37:50 UTC

.

*** This issue has been marked as a duplicate of 63114 ***

Comment 6 joachim.lingner 2006-06-07 15:38:44 UTC