Security/Reviews/BackGroundUpdates
From MozillaWiki
Item Reviewed
Silent Updates-Background Updates
Target
- https://bugzilla.mozilla.org/show_bug.cgi?id=307181
  - focus on risk as it stands with the Windows service for background updates
- https://wiki.mozilla.org/Windows_Service_Silent_Update
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- uses a second copied dir
- updates done here, on next start the existing dir is replaced with the updated one
- interactions with the service via updater.exe
- checks for write access to target dir, if fails launches via service to get rights to install dir
- same as the old process only we prompted previously
What solutions/approaches were considered other than the proposed solution?
Why was this solution chosen?
Any security threats already considered in the design and why?
Threat Brainstorming
- what if they can access program files, but not service dir
- service updates are after regular update
- if the update fails then the service update does not occur
- if the user does not have rights to install the service it will fail
- not a sec concern, but should be looked at
- if service has the bug but user cannot update
- can push out an update to always update to address
- this is done in the post update operations
- is the work item used here?
- the work item is gone, as the service is on demand and not always running
- any user can start the service
- there are several checks to combat improper use of the service (see the wiki)
Action Items
Action Item Status | Complete
Release Target | Firefox 12
Action Items |