Security/B2G/2014 1 29
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room
Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_12_17
Agenda Items
[arroway] NFC workweek
* that was a planning workweek to decide on a common roadmap for NFC Payment
* developer signature for apps (UICC access control)
* UI stuff
News
New roadmap: https://wiki.mozilla.org/Security/Roadmap
Reviews
- Where's my fox
- Inter-app communication (omerta)
- Support delivery reports (919977)
- Firefox OS Accounts (incl. 935232)
Review Triage
- OMA-push
- Send MMS to email (840515)
- Emoji support in SMS
- MAC address based firewall (e.g. iptables) & its corresponding API for Gaia < is that for adb/debugging over wifi? (firewalling based on mac addresses is useless)
- Expose a server TCP socket API to web applications
- dhcpd & admission control, & corresponding API for Gaia
- NFC payments? < no code yet
Hardening: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdG5SMFJIckJBNnJfNlJHWUtLZFBMN3c#gid=0
Goals: What are our overall objectives?
1. Provide b2g security assurance
   - Catching security oversights
   - Identifying and promoting good security practices (consistency, patterns and practices)
   - closing the bug loop, pushing bugs to completion
   - incident management
   - embedding/team support/security guidance
2. Push security feature development
   - Identify and drive security features on the program
   - hacking on features
   - co-ordinating/encouraging community contributions
Notes
- Goals
kang: I added some doc for seccomp. I feel like my mdn doc is in wikimo and vice versa. But meh. https://wiki.mozilla.org/Security/Sandbox/Seccomp - hopefully it helps to understand the technical details
Wanna help sandbox? Pick your favorite bug https://bugzilla.mozilla.org/show_bug.cgi?id=929277
-> possibility to reach out and get community contributions? (freddy asks) if possible, that'd be cool