SecurityEngineering/MeetingNotes/09-19-13
Contents
Agenda 19-Sep-2013
packaged apps on desktop
- Marco Castelluccio stops by to talk about marketplace signature verification and show us how he got the security and privileges model from Firefox OS running in Desktop Nightly
everything works on desktop except signature verification. For b2g, there's a "hack" for this, but can't on desktop due to needing code signing for addons. Marco wrote a patch on top of insanity. Creates a new trust domain for the marketplace certificate and puts the marketplace cert info in a c file. Still need to figure out a good way for app reviewers to add certs at runtime to test things. Tests pass for marketplace signed apps! Some apis not available (web activities, etc). But a demo showed the email app working in desktop!
Reviews?
- https://metrics.mozilla.com/bugzilla-analysis/ReviewIntensity.html
- https://wiki.mozilla.org/SecurityEngineering/CodeReviewGuidelines
- previous discussions: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/09-05-13 , https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/09-12-13
- wiki now says that reviewer should not go longer than week without communication with the reviewee
Comp cycle?
Too late! for in-cycle tweaks. Exceptions can always be made if warranted. Goal: feedback is spread out and year-round then comp cycle rolls up all of that feedback into compensation, once yearly.
Network + SecEng workday
- https://etherpad.mozilla.org/network-security-meetup
- network team is interested in getting rid of OCSP fetching (depends on insanity)
- helped build awareness of our goals and our work within the network team
- devtools brainstorm was fun
Update checking
* Can we improve the update and blocklist checking (without loading potentially compromised plugin versions first, or can we improve uptake for firefox.exe updates) ** Tor doesn't like the fact that plugin libraries are loaded before checking the blocklist. Can we do that first?
- Also, sideloading add-ons: we should disable them again, right?
- Finally, the updates are too slow for uptake. What can we do to make that better? Especially on XP
- can we install in a non-administrator dirs?
- there's an existing bug open to fix this situation.
Q3 Goals Recap
(see below)
Summit: Revocation open session
- Who's doing it? - Have we submitted a request for it?
Upcoming events/travel/ooo/etc.
- BsidesPDX: keeler is going: http://www.securitybsides.com/w/page/40113672/BsidesPDX
Q3 Goals
- [ON TRACK] Finish first phase of Sandboxing
- Outcome: seccomp in e10s/Larch or on nightly + clear roadmap
- DRI: Sid
- Consult : E10S contributions to make it reasonably usable in nightly. (without extensions/plugins) assign: ALL as appropriate
- Implement : [NEW] Fix window.crypto to work in E10S}
- Implement : [DROPPED] Fix CSP tests to work in E10S garrett + sid - prepped, but for Q4
- Implement : [AT RISK] land seccomp for Linux (min bar for sandboxing) keeler -
bug 914716 (note to self: ping ben turner, briansmith, or bsmedberg)
- Research : [AT RISK] Prioritize secomp tightening steps, begin executing it sid
- Research : [ON TRACK] Create story/plan for addon compatibility monica
- [ON TRACK] Cookie Clearinghouse
- Outcome: Identify feasibility/effectiveness and nail down spec: https://github.com/CookieClearinghouse/protocol/wiki/Proposed-List-Formats
- DRI: Monica
- Tasks:
- Implement : [NEW] spec out and make go/nogo decision on implementation
- Consult : [NEW] drive Stanford effort to stable spec
- [AT RISK] Implement alternative revocation checking mechanisms
- Outcome: must-staple + pinning + insanity on by default in nightly
- DRI: Camilo
- Tasks:
- Implement : [AT RISK] Enable insanity::pkix validation by default on nightly - landing some next week (9/16)
- Implement : [DROPPED] Land key pinning
- Implement : [AT RISK] Land must-staple support
- [ON TRACK] SafeBrowsing 2.0
- Outcome: App reputation whitelist on by default in nightly
- DRI: Monica
- Tasks:
- Implement : [NEW] Land app reputation system with whitelist support bug 904607,...
