65
edits
Firefox3.1/AboutSessionrestore Security Review: Difference between revisions
Jump to navigation
Jump to search
Firefox3.1/AboutSessionrestore Security Review (view source)
Revision as of 17:07, 1 November 2008
, 1 November 2008filled out review
(New page: == Overview == ''Describe the goals and objectives of the feature here.'' ;Background links * feature-tracking bug links * specs or design docs == Security and Privacy == * What security...) |
(filled out review) |
||
| Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
about:sessionrestore is the new in-browser page displayed for repeated crashes from which users can choose to (selectively) restore the crashed session. | |||
;Background links | ;Background links | ||
* | * [https://bugzilla.mozilla.org/show_bug.cgi?id=448976 Tracking bug 448976] - turn the Session Restore prompt into an error page | ||
* | * [https://bugzilla.mozilla.org/attachment.cgi?id=336774 Design mockup] | ||
== Security and Privacy == | == Security and Privacy == | ||
* What security issues do you address in your project? | * What security issues do you address in your project? | ||
** None | |||
* Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | * Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing? | ||
** Wrongly configured prefs will break the SessionStore service as a whole. Shipped default preferences should prevent this from accidentally happening. | |||
* Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | * Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project. | ||
** Web content *must* not be able to access about:sessionrestore, as this page contains potentially sensitive data (the whole session) and the possibility to load arbitrary URLs/cookies (needed to selectively restore the session). It is assumed that correctly implementing nsIAboutModule prevents this from happening. | |||
* How are transitions in/out of Private Browsing mode handled? | * How are transitions in/out of Private Browsing mode handled? | ||
** about:sessionrestore is displayed before the user could enter private browsing mode. | |||
== Exported APIs == | == Exported APIs == | ||
| Line 18: | Line 22: | ||
* Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | * Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully? | ||
* Does it change any existing interfaces? | * Does it change any existing interfaces? | ||
** No new API was added. | |||
== Module interactions == | == Module interactions == | ||
* What other modules are used (REQUIRES in the makefile, interfaces) | * What other modules are used (REQUIRES in the makefile, interfaces) | ||
** None (besides the SessionStore service component where the code has been added) | |||
== Data == | == Data == | ||
* What data is read or parsed by this feature | * What data is read or parsed by this feature | ||
** Session data as provided by nsISessionStore (JSON format) | |||
* What is the output of this feature | * What is the output of this feature | ||
** None/a restored session (same as to what SessionStore already does) | |||
* What storage formats are used | * What storage formats are used | ||
** None, the data is provided by nsSessionStore | |||
== Reliability == | == Reliability == | ||
* What failure modes or decision points are presented to the user? | * What failure modes or decision points are presented to the user? | ||
** The user can decide to restore the crashing session (potentially unselecting unwanted tabs) or load the homepage (which loads in the same tab, so undo is possible) | |||
* Can its files be corrupted by failures? Does it clean up any locks/files after crashes? | * Can its files be corrupted by failures? Does it clean up any locks/files after crashes? | ||
** No files are involved, all required data is stored inside the about:sessionrestore page and then backed up by SessionStore as form data is backed up for all web pages. | |||
== Configuration == | == Configuration == | ||
* Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables? | * Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables? | ||
** The only added pref is *browser.sessionstore.max_resumed_crashes* (default value: 1) which determines after how many consecutive crashes about:sessionrestore is displayed (setting that value to -1 prevents the page from being displayed). Firefox in Safe Mode ignores this preference. | |||
* Are there build options for developers? [#ifdefs, ac_add_options, etc.] | * Are there build options for developers? [#ifdefs, ac_add_options, etc.] | ||
** No | |||
* What ranges for the tunable are appropriate? How are they determined? | * What ranges for the tunable are appropriate? How are they determined? | ||
* What are its on-going maintenance requirements (e.g. Web links, perishable data files)? | * What are its on-going maintenance requirements (e.g. Web links, perishable data files)? | ||
** Should the format emitted by nsISessionStore change (as opposed to extended), minor adjustments might be needed to gather all the required data for presentation. | |||
== Relationships to other projects == | == Relationships to other projects == | ||
Are there related projects in the community? | Are there related projects in the community? | ||
* If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa? | * If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa? | ||
** No | |||
* Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose? | * Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose? | ||
** No | |||
== Review comments == | == Review comments == | ||