Security/B2G/2013 9 14


FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room

Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_8_27

News

1.2 Reviews

  • https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdHNaNUFrQS00Q09FbUFZUmQ5eThpOFE#gid=0
  • https://wiki.mozilla.org/B2G/Architecture/System_Security/Seccomp#Whitelist_performance_optimizations

  • Scrum for Security (see emails first)
    • http://scrumbu.gs/
    • http://standu.ps/

HN article template flatfish

New actors for 1.2 freeze

  • file manager actor
  • uploading applications
  • taking screenshots

mozapp roles https://bugzilla.mozilla.org/show_bug.cgi?id=912340

updates frederik

Weekly goals

[dchan] - finish gecko review doc and other reviews

Goal Status Updates

  • [:cr] compiled list of JavaScript code analysis tools: https://wiki.mozilla.org/Security/B2G/JavaScript_code_analysis (concludes Q3 goal)
  • [:cr] We now have FxOS app access via s3 !!1!11 (malware statistics Q3 goal)
    • 1.3 GByte of zip files
    • 1071 app archives (some are several versions of one app)
    • 847 unique app IDs
    • A few permission statistics for the curious:
809 no permissions
110 geolocation
 91 systemXHR
 62 storage
 49 desktop-notification
 29 contacts/readwrite
 25 device-storage:sdcard/readonly
 24 alarms
 21 device-storage:sdcard/readwrite
 19 browser
 15 device-storage:pictures/readonly
 14 audio-channel-content
 13 tcp-socket
 13 fmradio
 11 mobilenetwork
 11 device-storage:videos/readonly
 10 device-storage:music/readonly
  7 device-storage:pictures/readcreate
  6 camera
  6 audio-channel-normal
  5 device-storage:pictures/readwrite
  4 wifi-manage/readcreate
  3 device-storage:videos/readcreate
  3 device-storage:music/readcreate
  3 contacts/readcreate
  3 audio-channel-notification
  2 wifi-manage
  2 push
  2 mobileconnection
  1 device-storage:videos/readwrite
  1 device-storage/readwrite
  1 contacts/readonly
  1 audio-channel-alarm

Sandboxing discussion (hardening communications protocols) https://docs.google.com/a/mozilla.com/document/d/1FzEoykPYnI_abQnb1EzyEjUHJAn4oEyWg4DGP936hKo/edit#heading=h.jhnrxuan8rc1