(Created page with "{{SecReviewInfo |SecReview name=Balrog }} {{SecReview}} {{SecReviewActionStatus |SecReview action item status=None }}") |
No edit summary |
| Line 1: | Line 1: | ||
{{SecReviewInfo | {{SecReviewInfo | ||
|SecReview name=Balrog | |SecReview name=Balrog | ||
|SecReview target=https://wiki.mozilla.org/Balrog | |||
}} | |||
{{SecReview | |||
|SecReview feature goal=Balrog is rewrite of AUS, which provides application updates to Firefox and other Mozilla products. Its code lives in a github repository. | |||
Firefox client makes request to AUS service with 8-9 paremeters (eg | |||
/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml) | |||
|SecReview alt solutions=The current solution uses a large number of snippet files which are matched against the parameters. | |||
If a file is matched then the XML version is returned. | |||
There are now a very large number of snippet files which are very difficult to maintain for multiple products when they have integrated parts - it can take 30 mins to publish a new build. | |||
|SecReview solution chosen=Simple and effective. | |||
|SecReview threats considered=Files are checked as a validity test rather than a security one. | |||
All access to the Admin nodes is via HTTPS with LDAP credentials. | |||
The admin actions are logged. | |||
Public nodes are as efficient as possible for scalability which also helps protect against DOS. | |||
|SecReview threat brainstorming=A compromised admin account could be used to upload a JSON blob which points to malware. | |||
An attacker could intercept the binary request and serve malware on an untrusted network. | |||
An attacker could discover a request that consumes a significant amount of processing power on the Public nodes which could enable a DOS attack. | |||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status= | |SecReview action item status=In Progress | ||
|Feature version=Q2 goal for live in nightly channel | |||
|SecReview action items=* bhearsum :: Are MAR signatures checked on all platforms? Only on windows, but hashes checked on all platforms | |||
* releng :: whitelisting URLs that we point to | |||
* releng :: notifications upon human addition (maybe change too?) of a release | |||
* bhearsum :: db dump w/ instructions on how to use | |||
* psiinon :: pentest admin UI | |||
}} | }} | ||
Links: | |||
* https://bugzilla.mozilla.org/show_bug.cgi?id=832462 Balrog SecReview bug | |||
* https://bugzilla.mozilla.org/show_bug.cgi?id=832454 Tracking bug for getting Firefox's "nightly" channel updating through balrog | |||
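Review bot: The first bullet under "SecReview action items" records a question and its answer ("Only on windows, but hashes checked on all platforms") but no resulting action, even though "threat brainstorming" in the same revision lists an attacker intercepting the binary request on an untrusted network. The item should state what follows from the finding, for example whether signature checking on the other platforms is being tracked and where the hash that is checked comes from. Relatedly, "threats considered" says access to the Admin nodes is via HTTPS but does not state the transport for the public update.xml request or the binary download, which is the path the interception threat concerns; a sentence covering that would close the gap. Minor: "paremeters" in the feature goal should be "parameters", and "Balrog is rewrite of AUS" is missing "a".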