makary/bookmarkfs
1
0
Fork 0
mirror of https://git.sr.ht/~cismonx/bookmarkfs synced 2025-07-02 23:38:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

backend_firefox: no db_check() in sandbox mode

Browse source 
Following commit 35d4a93a41, now only perform `PRAGMA quick_check`
in non-sandbox mode before querying data on the database.

Although in practice SQLite does well in terms of memory safety,
most likely way better than BookmarkFS itself, we consider
sandboxing a stronger security guarantee than `PRAGMA quick_check`.
This commit is contained in:
CismonX 2025-02-26 14:06:18 +08:00
parent d01554400c
commit 0fd2cbbc9d
No known key found for this signature in database
GPG key ID: 3094873E29A482FB
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/backend_firefox.c
View file

@ -2843,13 +2843,13 @@ backend_create (
if (0 != db_pragma(db, pragmas, DB_PRAGMA_ITEMS_CNT(pragmas))) { if (0 != db_pragma(db, pragmas, DB_PRAGMA_ITEMS_CNT(pragmas))) {
goto close_db; goto close_db;
} }
if (0 != db_check(db)) {
goto close_db;
}
uint64_t bookmarks_root_id = UINT64_MAX; uint64_t bookmarks_root_id = UINT64_MAX;
uint64_t tags_root_id = UINT64_MAX; uint64_t tags_root_id = UINT64_MAX;
if (conf->flags & BOOKMARKFS_BACKEND_NO_SANDBOX) { if (conf->flags & BOOKMARKFS_BACKEND_NO_SANDBOX) {
if (0 != db_check(db)) {
goto close_db;
}
// Defer initialization in sandbox mode, so that // Defer initialization in sandbox mode, so that
// user-provided data is only read after entering sandbox. // user-provided data is only read after entering sandbox.
if (0 != store_init(db, &bookmarks_root_id, &tags_root_id)) { if (0 != store_init(db, &bookmarks_root_id, &tags_root_id)) {