Security/Reviews/SnappySymbolSrv

From MozillaWiki

Item Reviewed

Snappy Symbolication Server
Target https://wiki.mozilla.org/Snappy_Symbolication_Server


Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • Map library offsets to the function name and, optionally, line information
  • Web application that takes a library name, version and address as input and translates them to the function name
  • Uses the breakpad SYM files for this information
  • Used by the profiler to symbolicate its trace file
  • Used by telemetry to symbolicate chrome hangs when the browser is frozen
    • uses a build flag that can be disabled

Server code: https://github.com/vdjeric/Snappy-Symbolication-Server/

What solutions/approaches were considered other than the proposed solution?

  • Running a symbolication script for the chrome telemetry, but this does not address the need of the profiler
  • The profiler could simply download the PDBs, but because these files are so big, this would significantly slow down profiling.

Why was this solution chosen?

  • Meets the needs of both the profiler and telemetry while providing a superior user experience, without requiring users of the profiler to download several MBs of PDBs.

Any security threats already considered in the design and why?

- any significant privacy concerns?
  - no, only a basic API, no identifiers passed back and forth
- this is the privacy-sensitive way to send back chromehang reports: because the stackwalking occurs on the client, we aren't sending a minidump which may contain user data (this approach chosen in response to prior decision that we could not send minidumps as part of telemetry)
- no significant changes to the product code
- do not want to expose Flash symbols via this API, https://bugzilla.mozilla.org/show_bug.cgi?id=732485 filed
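The lookup described under "Goal of Feature", combined with the concern above about not serving Flash symbols, as an added example (not code from the Snappy Symbolication Server repository). The sample SYM text, the `BLOCKED_MODULES` set and its module name, and the function names `parse_sym` and `symbolicate` are assumptions made for illustration.

```python
import bisect

# Constructed Breakpad SYM text (not from a real build).
SAMPLE_SYM = """\
MODULE windows x86 0123456789ABCDEF0123456789ABCDEF1 xul.pdb
FILE 0 nsthread.cpp
FUNC 1000 40 0 nsThread::ProcessNextEvent
1000 40 120 0
FUNC 2000 80 4 js::RunScript
PUBLIC 3000 0 NS_InitXPCOM2
"""

# Assumption: modules the operator never serves symbols for (constructed name).
BLOCKED_MODULES = {"npswf32.pdb"}


def parse_sym(text):
    """Return ((module, debug_id), [(start, size, name)]); PUBLIC has size None."""
    key, syms = None, []
    for line in text.splitlines():
        parts = line.split(" ")
        if len(parts) > 1 and parts[1] == "m":  # optional "multiple" flag
            del parts[1]
        if parts[0] == "MODULE" and len(parts) >= 5:
            key = (" ".join(parts[4:]).lower(), parts[3].upper())
        elif parts[0] == "FUNC" and len(parts) >= 5:
            syms.append((int(parts[1], 16), int(parts[2], 16), " ".join(parts[4:])))
        elif parts[0] == "PUBLIC" and len(parts) >= 4:
            syms.append((int(parts[1], 16), None, " ".join(parts[3:])))
    return key, sorted(syms, key=lambda s: s[0])


def symbolicate(store, module, version, offset):
    """Map (library name, version, offset) to a function name, or None."""
    key = (module.lower(), version.upper())
    if key[0] in BLOCKED_MODULES:
        return None  # refuse before touching the store, even if symbols exist
    syms = store.get(key)
    if not syms or not isinstance(offset, int) or offset < 0:
        return None
    i = bisect.bisect_right([s[0] for s in syms], offset) - 1
    if i < 0:
        return None  # offset lies below the first known symbol
    start, size, name = syms[i]
    if size is not None and offset >= start + size:
        return None  # offset falls in the gap after a FUNC record
    return name
```

The response carries only a function name, which matches the "no identifiers passed back and forth" point above.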

Threat Brainstorming

  • fingerprinting via crash info

Action Items

Action Item Status Complete
Release Target

| Who | bug | Action | By When | Completed date |
|---|---|---|---|---|
| curtisk | | Start a privacy review of the feature | by 16-Mar-2011 | [ON TRACK] https://wiki.mozilla.org/Privacy/Reviews/SnappySymbolicServer |
| dchan | bug 744126 | code review before migrating to Aurora | | [DONE] done |

Full Query

| ID | Summary | Priority | Status |
|---|---|---|---|
| 744126 | [Security Review][Action Item]Snappy Symbolic Server - Code Review | -- | RESOLVED |

1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);
