SecurityEngineering/MeetingNotes/09-19-13

From MozillaWiki

Agenda 19-Sep-2013

packaged apps on desktop

  • Marco Castelluccio stops by to talk about marketplace signature verification and show us how he got the security and privileges model from Firefox OS running in Desktop Nightly

Everything works on desktop except signature verification. For b2g, there's a "hack" for this, but it can't be used on desktop due to needing code signing for addons. Marco wrote a patch on top of insanity. It creates a new trust domain for the marketplace certificate and puts the marketplace cert info in a C file. Still need to figure out a good way for app reviewers to add certs at runtime to test things. Tests pass for marketplace signed apps! Some APIs are not available (web activities, etc.). But a demo showed the email app working on desktop!

Reviews?

Comp cycle?

Too late for in-cycle tweaks! Exceptions can always be made if warranted. Goal: feedback is spread out and year-round, then the comp cycle rolls up all of that feedback into compensation once yearly.

Network + SecEng workday

Update checking

  • Can we improve the update and blocklist checking (without loading potentially compromised plugin versions first, or can we improve uptake for firefox.exe updates)?
    • Tor doesn't like the fact that plugin libraries are loaded before checking the blocklist. Can we do that first?
  • Also, sideloading add-ons: we should disable them again, right?
  • Finally, the updates are too slow for uptake. What can we do to make that better? Especially on XP
    • Can we install in non-administrator dirs?
    • there's an existing bug open to fix this situation.

Q3 Goals Recap

(see below)

Summit: Revocation open session

- Who's doing it?
- Have we submitted a request for it?

Upcoming events/travel/ooo/etc.

- BsidesPDX: keeler is going: http://www.securitybsides.com/w/page/40113672/BsidesPDX

Q3 Goals

  • [ON TRACK] Finish first phase of Sandboxing
    • Outcome: seccomp in e10s/Larch or on nightly + clear roadmap
    • DRI: Sid
      • Consult : E10S contributions to make it reasonably usable in nightly. (without extensions/plugins) assign: ALL as appropriate
      • Implement : [NEW] Fix window.crypto to work in E10S
      • Implement : [DROPPED] Fix CSP tests to work in E10S garrett + sid - prepped, but for Q4
      • Implement : [AT RISK] land seccomp for Linux (min bar for sandboxing) keeler - bug 914716 (note to self: ping ben turner, briansmith, or bsmedberg)
      • Research : [AT RISK] Prioritize seccomp tightening steps, begin executing it sid
      • Research : [ON TRACK] Create story/plan for addon compatibility monica
  • [ON TRACK] Cookie Clearinghouse
  • [AT RISK] Implement alternative revocation checking mechanisms
    • Outcome: must-staple + pinning + insanity on by default in nightly
    • DRI: Camilo
    • Tasks:
      • Implement : [AT RISK] Enable insanity::pkix validation by default on nightly - landing some next week (9/16)
      • Implement : [DROPPED] Land key pinning
      • Implement : [AT RISK] Land must-staple support
  • [ON TRACK] SafeBrowsing 2.0
    • Outcome: App reputation whitelist on by default in nightly
    • DRI: Monica
    • Tasks:
      • Implement : [NEW] Land app reputation system with whitelist support bug 904607,...