Security/Reviews/Gaia/InterAppCommunicationAPI: Difference between revisions

Jump to navigation Jump to search

Security/Reviews/Gaia/InterAppCommunicationAPI (view source)

Revision as of 21:25, 31 January 2014

737 bytes removed ,  31 January 2014
→‎Gecko
Line 118: Line 118:
=== Gecko ===
=== Gecko ===
==== 1. Content/Chrome Segregation ====
==== 1. Content/Chrome Segregation ====
DownloadsAPI is implemented using WebIDL. There was a lot of discussion around what to expose in the case when a page does not have the permission present - see [https://bugzilla.mozilla.org/show_bug.cgi?id=957592 bug 957592] for details.
TBD


==== 2. Process Segregation ====
==== 2. Process Segregation ====
Inter-process communication is performed through DownloadsIPC.jsm & DownloadsAPI.jsm. We are mainly interested in the message which the parent listens for:
The message which the parent listens for:
* Downloads:GetList
* Webapps:Connect
* Downloads:ClearAllDone
* Webapps:GetConnections
* Downloads:Remove
* InterAppConnection:Cancel
* Downloads:Pause
* InterAppMessagePort:PostMessage
* Downloads:Resume
* InterAppMessagePort:Register
* InterAppMessagePort:Unregister
* child-process-shutdown
 


Permissions are checked in the parent before processing any messages, using the standard approach:
Permissions are checked in the parent before processing any messages, using the standard approach:
 
http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppCommService.js#814
  144  receiveMessage: function(aMessage) {
  145    if (!aMessage.target.assertPermission("downloads")) {
  146      debug("No 'downloads' permission!");
  147      return;
  148    }
 
One issue was identified in the way the message was processed however - see bug [https://bugzilla.mozilla.org/show_bug.cgi?id=966141 966141] for details.


==== 3. Data validation & Sanitization ====
==== 3. Data validation & Sanitization ====
The API accepts only minimal data from content, and as such the attack surface is very small, and no issues were found.
TBD


====4. Denial of Service ====
====4. Denial of Service ====
[https://bugzilla.mozilla.org/show_bug.cgi?id=960739 960739] was identified as a potential DoS scenario.
TBD


== Concerns (To-Delete) ==
== Concerns (To-Delete) ==
Rfletcher
Confirmed users
353

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/912289"

Navigation menu