=== Gecko ===
==== 1. Content/Chrome Segregation ====
DownloadsAPI is implemented using WebIDL. There was a lot of discussion around what to expose in the case when a page does not have the permission present - see [https://bugzilla.mozilla.org/show_bug.cgi?id=957592 bug 957592] for details.
==== 2. Process Segregation ====
Inter-process communication is performed through DownloadsIPC.jsm and DownloadsAPI.jsm. We are mainly interested in the messages which the parent listens for:
* Downloads:GetList
* Downloads:ClearAllDone
* Downloads:Remove
* Downloads:Pause
* Downloads:Resume
Permissions are checked in the parent before processing any messages, using the standard approach:
<pre>
receiveMessage: function(aMessage) {
  if (!aMessage.target.assertPermission("downloads")) {
    debug("No 'downloads' permission!");
    return;
  }
</pre>
One issue was identified in the way the message was processed, however - see [https://bugzilla.mozilla.org/show_bug.cgi?id=966141 bug 966141] for details.
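As an added example (not code from DownloadsAPI.jsm or DownloadsIPC.jsm), the parent-side pattern above with the five messages as an explicit allowlist. The <code>assertPermission</code> method on the target is a constructed stand-in for the chrome message manager's method; the handler bodies and sample state are hypothetical.

```javascript
// Added illustration, not Gecko's DownloadsAPI.jsm: a parent-side handler
// in the shape the review describes. The message target is a constructed
// stand-in exposing assertPermission(name), as the chrome message manager
// does; the handler bodies and sample state are hypothetical.

// Only the five messages the parent listens for get a handler; anything
// else is dropped, so the allowlist is explicit rather than implied.
const DOWNLOAD_HANDLERS = {
  "Downloads:GetList": (state) => ({ list: state.downloads.slice() }),
  "Downloads:ClearAllDone": (state) => {
    state.downloads = state.downloads.filter((d) => !d.done);
    return { ok: true };
  },
  "Downloads:Remove": (state, data) => {
    state.downloads = state.downloads.filter((d) => d.id !== data.id);
    return { ok: true };
  },
  "Downloads:Pause": (state, data) => setPaused(state, data.id, true),
  "Downloads:Resume": (state, data) => setPaused(state, data.id, false),
};

function setPaused(state, id, paused) {
  const entry = state.downloads.find((d) => d.id === id);
  if (!entry) return { error: "NotFound" };
  entry.paused = paused;
  return { ok: true };
}

// Parent-side entry point. The permission check runs before the message
// name is even inspected, so an unprivileged child process gets nothing
// back and no state is touched (the early return in the reviewed code).
function receiveMessage(state, aMessage) {
  if (!aMessage.target.assertPermission("downloads")) {
    return undefined;
  }
  const handler = DOWNLOAD_HANDLERS[aMessage.name];
  if (!handler) return { error: "UnknownMessage" };
  return handler(state, aMessage.data || {});
}

// Constructed sample state and message targets for a stand-alone run.
function sampleState() {
  return { downloads: [{ id: 1, done: true, paused: false },
                       { id: 2, done: false, paused: false }] };
}
const privilegedTarget = { assertPermission: (p) => p === "downloads" };
const unprivilegedTarget = { assertPermission: () => false };
```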
==== 3. Data Validation & Sanitization ====
The API accepts only minimal data from content, and as such the attack surface is very small; no issues were found.
==== 4. Denial of Service ====
[https://bugzilla.mozilla.org/show_bug.cgi?id=960739 Bug 960739] was identified as a potential DoS scenario.
== Security Risks & Mitigating Controls ==