
Security/Reviews/SnappySymbolSrv

From MozillaWiki


Item Reviewed

Snappy Symbolication Server
Target https://wiki.mozilla.org/Snappy_Symbolication_Server


Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • Map library offsets to the function name and, optionally, line information
  • Web application that takes a library name, version and address as input and translates them to the function name
  • Uses the breakpad SYM files for this information
  • Used by the profiler to symbolicate its trace file
  • Used by telemetry to symbolicate chrome hangs when the browser is frozen
    • uses a build flag that can be disabled

Server code: https://github.com/vdjeric/Snappy-Symbolication-Server/

What solutions/approaches were considered other than the proposed solution?

  • Running a symbolication script for the chrome telemetry, but this does not address the needs of the profiler
  • The profiler could simply download the PDBs, but because these files are so big this would significantly slow down profiling.

Why was this solution chosen?

  • It solves the needs of both the profiler and telemetry and provides a superior user experience, without requiring users of the profiler to download several MBs of PDBs.

Any security threats already considered in the design and why?

- any significant privacy concerns?

- no, only a basic API, no identifiers passed back and forth

- this is the privacy-sensitive way to send back chromehang reports: because the stackwalking occurs on the client, we aren't sending a minidump which may contain user data (this approach was chosen in response to a prior decision that we could not send minidumps as part of telemetry)

- no significant changes to the product code

- do not want to expose Flash symbols via this API; https://bugzilla.mozilla.org/show_bug.cgi?id=732485 filed
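
The lookup described under the feature goal (library name, version and address in, function name out, backed by breakpad SYM data), together with the wish above not to serve some modules' symbols, can be sketched as follows. This is an added example, not code from the Snappy Symbolication Server; the sample SYM text, the blocked module name and the function names are constructed assumptions.

```python
import bisect

# Constructed sample in breakpad text symbol format (not a real symbol file).
SAMPLE_ID = "0123456789ABCDEF0123456789ABCDEF1"
SAMPLE_SYM = """\
MODULE windows x86 0123456789ABCDEF0123456789ABCDEF1 example.pdb
FILE 0 c:/build/src/example.cpp
FUNC 1000 30 0 Example::Init()
1000 10 12 0
1010 20 14 0
FUNC 1040 20 4 Example::Run(int)
1040 20 30 0
PUBLIC 2000 0 exported_helper
"""

# Assumption: modules the operator chooses not to serve (hypothetical name).
BLOCKED_MODULES = {"thirdparty_plugin.pdb"}

def parse_sym(text):
    """Return sorted (start, size, name) ranges from FUNC and PUBLIC records."""
    ranges = []
    for line in text.splitlines():
        parts = line.split(" ")
        try:
            if parts[0] == "FUNC" and len(parts) >= 5:
                # FUNC <address> <size> <param_size> <name...>, hex fields
                ranges.append((int(parts[1], 16), int(parts[2], 16), " ".join(parts[4:])))
            elif parts[0] == "PUBLIC" and len(parts) >= 4:
                # PUBLIC <address> <param_size> <name...>; no size is recorded
                ranges.append((int(parts[1], 16), None, " ".join(parts[3:])))
        except ValueError:
            continue  # skip malformed records instead of failing the whole file
    ranges.sort(key=lambda r: r[0])
    return ranges

def symbolicate(module, version, offset, tables):
    """Map (module, version, offset) to a name; None if unknown or not served."""
    if module in BLOCKED_MODULES or (module, version) not in tables:
        return None
    if not isinstance(offset, int) or offset < 0:
        return None
    ranges = tables[(module, version)]
    # Find the last record that starts at or before the offset.
    i = bisect.bisect_right([r[0] for r in ranges], offset) - 1
    if i < 0:
        return None
    start, size, name = ranges[i]
    if size is not None and offset >= start + size:
        return None  # offset lies in a gap after a sized function
    return name
```

Because the blocklist is checked before any table lookup, a blocked module gets the same answer as an unknown one, so the response does not reveal whether its symbols are present on the server.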

Threat Brainstorming


Action Items

Action Item Status Complete
Release Target `
Action Items
| Who | Bug | Action | By When | Completed date |
|---|---|---|---|---|
| curtisk | | Start a privacy review of the feature | by 16-Mar-2011 | [ON TRACK] https://wiki.mozilla.org/Privacy/Reviews/SnappySymbolicServer |
| dchan | bug 744126 | code review | before migrating to Aurora | [DONE] done |

| ID | Summary | Priority | Status |
|---|---|---|---|
| 744126 | [Security Review][Action Item]Snappy Symbolic Server - Code Review | -- | RESOLVED |

Open; Resolved; Total (100% complete)