SecurityEngineering/NSS Startup and Shutdown in Gecko: Difference between revisions

add best scenario section
(add bug link)
(add best scenario section)
* Provide a better mechanism for preventing NSS from shutting down (and checking if it has already shut down)
** Currently the only way to do this that (mostly) works is for a class to implement the nsNSSShutDownObject mechanism, acquire an nsNSSShutDownPreventionLock and check isAlreadyShutDown. It should be possible to perform the same steps without implementing nsNSSShutDownObject (indeed, this would be better, since that interface has more to do with releasing long-lived NSS resources at shutdown). Furthermore, this mechanism doesn't entirely work, because if an object that implements nsNSSShutDownObject is instantiated after NSS has been shut down, isAlreadyShutDown will actually return false.
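As an added example, not from this wiki page or Gecko's source: a small C++ model of the mechanism the bullet above describes, showing why a per-object isAlreadyShutDown flag that is set to false in the constructor reports false for an object created after shutdown, and how consulting shared state while holding the prevention lock avoids that. The struct NssState, the function names and the class bodies are constructed stand-ins that follow the page's names, not Gecko's implementation.

```cpp
#include <mutex>
#include <set>
// Constructed model of the mechanism described above, not Gecko's code: the
// names follow the page, the bodies are simplified so the flaw runs in isolation.
namespace model {
class ShutDownObject;
struct NssState {
  std::mutex lock;                      // guards the two fields below
  bool shutDown = false;                // true once NSS has shut down
  std::set<ShutDownObject*> observers;  // objects to notify at shutdown
};
NssState& state() { static NssState s; return s; }
// Stand-in for nsNSSShutDownObject. The per-object flag starts false in the
// constructor no matter what, which is the flaw the page describes.
class ShutDownObject {
 public:
  ShutDownObject() : mAlreadyShutDown(false) {
    std::lock_guard<std::mutex> g(state().lock);
    state().observers.insert(this);
  }
  ~ShutDownObject() {
    std::lock_guard<std::mutex> g(state().lock);
    state().observers.erase(this);
  }
  void shutdown() { mAlreadyShutDown = true; }  // called from shutDownNss
  bool isAlreadyShutDown() const { return mAlreadyShutDown; }
 private:
  bool mAlreadyShutDown;
};
// Stand-in for nsNSSShutDownPreventionLock plus the check the page asks for:
// while held, NSS cannot shut down, and the caller asks the shared state
// (not a per-object flag) whether shutdown has already happened.
class PreventionLock {
 public:
  PreventionLock() : mGuard(state().lock) {}
  bool nssIsShutDown() const { return state().shutDown; }
 private:
  std::lock_guard<std::mutex> mGuard;
};
void shutDownNss() {
  std::lock_guard<std::mutex> g(state().lock);
  state().shutDown = true;
  for (ShutDownObject* o : state().observers) o->shutdown();
}
// An object created after shutdown still reports that NSS is alive (false)...
bool lateObjectSaysShutDown() { shutDownNss(); ShutDownObject late; return late.isAlreadyShutDown(); }
// ...while the shared state consulted under the prevention lock reports true.
bool lockSaysShutDown() { shutDownNss(); PreventionLock l; return l.nssIsShutDown(); }
}  // namespace model
```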
=== Pie-in-the-sky Ultimate Best Scenario ===
In the best-case scenario, it shouldn't even be possible to write code that does the wrong thing. That is, if Gecko code wants to call NSS functions, the very act of calling the functions should first result in a check that NSS has already been initialized and hasn't yet been shut down (and it should not be possible for NSS to shut down on another thread while that function is running). Similarly, any NSS resources held by Gecko code should automatically release themselves when NSS shuts down. The only way I can think of to achieve this is by some sort of static analysis and/or a shim layer that ensures the correct steps are taken (whereupon directly calling NSS functions would be prohibited). This would require significant engineering work on top of the steps already described above.