"Permission denied to access property 'apply'" for wrapped functions

Jordan Santell

Feb 9, 2015, 6:12:15 PM
to dev-se...@lists.mozilla.org, dev-developer-tools
For all of our media tools, we wrap some content globals in a proxy
function[0]. A crude version of this would be, using an Array for example:

var original = Array.prototype.push;
Array.prototype.push = function wrapper () {
  // Forward the caller's arguments individually and keep the result.
  var result = original.apply(this, arguments);
  /* report context, args, return value, etc */
  return result;
}

Do not fear, we only wrap a few globals related to audio and canvas, not
the array, and only when the specific media tools are open. This has been
working in practice for a while now, but some scenarios cause permission
errors. For example, when calling a wrapped function via call or apply.
Since the wrappers are created in chrome code, but exposed to content, is
there any way to allow this? To test this, open up the web audio editor[1]
(enable in the dev tools options), and hit the reload button with the tool
open, and type this into the console:

(ctx = new AudioContext()).createOscillator.apply(ctx);

This will cause this error:
Error: Permission denied to access property 'apply'

Any way around allowing apply/call to our chrome-wrapped functions to
content? Corresponding bug for this is bug 1130901 [2].

[0]
https://github.com/mozilla/gecko-dev/blob/4ae95aae6b09eef9de549e35297eabdd2d5c0678/toolkit/devtools/server/actors/call-watcher.js#L419-L429
[1] https://developer.mozilla.org/en-US/docs/Tools/Web_Audio_Editor
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1130901

Gavin Sharp

Feb 9, 2015, 8:48:43 PM
to Jordan Santell, dev-se...@lists.mozilla.org, bho...@mozilla.com, dev-developer-tools
I think you probably want to talk to bholley!

Gavin

Boris Zbarsky

Feb 9, 2015, 11:30:01 PM
to mozilla-de...@lists.mozilla.org
On 2/9/15 6:12 PM, Jordan Santell wrote:
> var original = Array.prototype.push;
> Array.prototype.push = function wrapper () {
>   var result = original.apply(this, arguments);
>   /* report context, args, return value, etc */
>   return result;
> }

I suspect you want
https://developer.mozilla.org/en-US/docs/Components.utils.exportFunction
here.

-Boris

Boris Zbarsky

Feb 9, 2015, 11:38:12 PM
to mozilla-de...@lists.mozilla.org
On 2/9/15 11:28 PM, Boris Zbarsky wrote:
> I suspect you want
> https://developer.mozilla.org/en-US/docs/Components.utils.exportFunction
> here.

Though note that:

1) The setup you're using won't help with cases in which the page has
grabbed references to the relevant functions before your wrapper was
installed.

2) The wrapper, at least as implemented currently, has subtly different
behavior from the actual function it wraps in various ways: different
toString(), different .length, possibly different stacks for exceptions.

If we want a more high-fidelity way of hooking things, we may want to
think about ways to hang the information about what hooking bits we want
off the actual IDL-defined function, maybe.

-Boris
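
The two caveats in the message above, shown as an added example that is not part of the original thread or of the devtools code. It runs in a single global (Node or a browser console), so it does not reproduce the cross-compartment permission error; makeTarget, hook and fidelityReport are hypothetical names and the target object is a constructed stand-in for an IDL-defined method.

```javascript
// Constructed stand-in for an object whose method a tool wants to observe.
function makeTarget() {
  return {
    createGain(a, b) { return { kind: "gain", args: [a, b] }; },
  };
}

// Install a reporting wrapper in the style of the thread's crude example.
// Returns the original function so the two can be compared afterwards.
function hook(obj, name, log) {
  const original = obj[name];
  obj[name] = function wrapper() {
    const result = original.apply(this, arguments);
    log.push({ name, args: Array.from(arguments), result });
    return result;
  };
  return original;
}

function fidelityReport() {
  const target = makeTarget();
  const log = [];

  // Caveat 1: the page grabbed a reference before the wrapper was installed.
  const early = target.createGain;
  const original = hook(target, "createGain", log);

  early.call(target, 1, 2);                 // never reaches the wrapper
  const earlyReferenceBypassesHook = log.length === 0;

  target.createGain(3, 4);                  // observed
  target.createGain.apply(target, [5, 6]);  // observed (same global, so apply works)

  // Caveat 2: ways content can tell the wrapper from the function it wraps.
  const wrapped = target.createGain;
  return {
    earlyReferenceBypassesHook,
    loggedCalls: log.length,
    lengthDiffers: wrapped.length !== original.length,
    nameDiffers: wrapped.name !== original.name,
    toStringDiffers: String(wrapped) !== String(original),
  };
}

console.log(fidelityReport());
```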

Panos Astithas

Feb 10, 2015, 1:55:34 AM
to Gavin Sharp, dev-se...@lists.mozilla.org, Jordan Santell, bho...@mozilla.com, dev-developer-tools
You might have to do something like this (but do talk to bholley):

https://dxr.mozilla.org/mozilla-central/source/toolkit/devtools/server/actors/script.js#3843

Panos


Jordan Santell

Feb 11, 2015, 12:24:40 PM
to Bobby Holley, Gavin Sharp, dev-se...@lists.mozilla.org, dev-developer-tools
Have been trying these suggestions, and doesn't seem like it's directly an
Xray issue, as it's exposing chrome to content, not the other way around.
The Cu.exportFunction gets me there, so Function prototype properties are
accessible, so that seemed to do the trick! Some issues remain with the
scope of arguments passed around, but will get there.

Thanks all!

On Tue, Feb 10, 2015 at 3:31 PM, Bobby Holley <bho...@mozilla.com> wrote:

> On Mon, Feb 9, 2015 at 5:48 PM, Gavin Sharp <ga...@gavinsharp.com> wrote:
>
>> I think you probably want to talk to bholley!
>>
>> Gavin
>>
>> On Mon, Feb 9, 2015 at 3:12 PM, Jordan Santell <jsan...@mozilla.com>
>> wrote:
>> > For all of our media tools, we wrap some content globals in a proxy
>> > function[0]. A crude version of this would be, using an Array for
>> > example:
>> >
>> > var original = Array.prototype.push;
>> > Array.prototype.push = function wrapper () {
>> >   var result = original.apply(this, arguments);
>> >   /* report context, args, return value, etc */
>> >   return result;
>> > }
>>
>
> This example doesn't involve multiple globals, so it's not going to
> illustrate anything security-related.
>
> > Since the wrappers are created in chrome code, but exposed to content
>
>
> Are you just exposing chrome functions directly to content? If so, that
> would explain it - such things are callable for legacy reasons, but
> everything else is forbidden. You want Cu.exportFunction here.
>
> bholley
>

Bobby Holley

Feb 13, 2015, 4:09:17 AM
to Jordan Santell, Gavin Sharp, dev-se...@lists.mozilla.org, Bobby Holley, dev-developer-tools
On Wed, Feb 11, 2015 at 9:24 AM, Jordan Santell <jsan...@mozilla.com>
wrote:

> Have been trying these suggestions, and doesn't seem like it's directly an
> Xray issue, as it's exposing chrome to content, not the other way around.
>

Exactly.


> The Cu.exportFunction gets me there, so Function prototype properties are
> accessible, so that seemed to do the trick!
>

Great! That's the intention.