(Document the OriginAttributes solution) |
Ethantseng (talk | contribs) (Adjust format.) |
||
| (12 intermediate revisions by 3 users not shown) | |||
| Line 108: | Line 108: | ||
However signed packages will get their own cookies and IndexedDB data. Content inside a signed package will not share cookies, IndexedDB data, etc with unsigned content from the same domain. It will also not share data with content from other signed packages from the same domain. This is to ensure that unsigned content from the same domain can't read for example sensitive data that the signed content has cached in IndexedDB. And to prevent unsigned content from writing into the localStorage that signed content uses and thereby tricking the signed content into performing unintended actions. | However signed packages will get their own cookies and IndexedDB data. Content inside a signed package will not share cookies, IndexedDB data, etc with unsigned content from the same domain. It will also not share data with content from other signed packages from the same domain. This is to ensure that unsigned content from the same domain can't read for example sensitive data that the signed content has cached in IndexedDB. And to prevent unsigned content from writing into the localStorage that signed content uses and thereby tricking the signed content into performing unintended actions. | ||
However when pages from inside a signed package makes network requests to other websites, it should still use the normal cookies from those websites. And if a page from a signed package creates an <iframe> containing an | However when pages from inside a signed package makes network requests to other websites, it should still use the normal cookies from those websites. And if a page from a signed package creates an <iframe> containing an unsigned website, then that website will be loaded with its normal cookies and will have access to its normal IndexedDB data. | ||
In other words, each signed package acts like a separate website. They do not act like a separate "world"/"context". | In other words, each signed package acts like a separate website. They do not act like a separate "world"/"context". | ||
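Review bot: In the revised sentence that begins "However when pages from inside a signed package makes network requests", the subject and verb disagree ("pages ... makes"). Suggest "when a page from inside a signed package makes network requests to other websites, it should still use the normal cookies from those websites", which also matches the singular "it" later in the sentence. The completed iframe sentence only covers an unsigned website inside the frame; it would help to say what happens when the framed content comes from another signed package.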
| Line 114: | Line 114: | ||
The way that we will implement this is by generalizing the current <tt>appId</tt> and <tt>isInBrowserElement</tt> mechanism. We will introduce a <tt>OriginAttributes</tt> struct which will hold the "cookie jar" that is used for a given web page. We can then write policies for which parts of this struct is inherited into iframes, and which parts do not. The nsIPrincipal interface will contain one of these structs. We will also have functions for serializing this struct to a string, and for parsing such a string back into a struct. | The way that we will implement this is by generalizing the current <tt>appId</tt> and <tt>isInBrowserElement</tt> mechanism. We will introduce a <tt>OriginAttributes</tt> struct which will hold the "cookie jar" that is used for a given web page. We can then write policies for which parts of this struct is inherited into iframes, and which parts do not. The nsIPrincipal interface will contain one of these structs. We will also have functions for serializing this struct to a string, and for parsing such a string back into a struct. | ||
Most code will treat this OriginAttributes struct as an opaque value. When we store data we store as part of the key the serialization of the OriginAttributes. | Most code will treat this OriginAttributes struct as an opaque value. When we store data we store, as part of the key, the serialization of the OriginAttributes. | ||
Two pages will only be considered same-origin if they have the same scheme+host+port, but also if all of the values inside the OriginAttributes of their nsIPrincipal have the exact same values. | Two pages will only be considered same-origin if they have the same scheme+host+port, but also if all of the values inside the OriginAttributes of their nsIPrincipal have the exact same values. | ||
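Review bot: The same-origin rule at the end of this hunk says pages are same-origin only "if they have the same scheme+host+port, but also if all of the values inside the OriginAttributes ... have the exact same values", and "but also if" can be read as a second, alternative condition. Both conditions have to hold, so suggest "only if they have the same scheme+host+port and every value in the OriginAttributes of their nsIPrincipal is identical". Because the serialized OriginAttributes becomes part of the storage key, the text should also state that serialization is deterministic, so that equal structs always produce the same string. In the first paragraph, "which parts of this struct is inherited" should read "are inherited".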
| Line 131: | Line 131: | ||
== Implementation == | == Implementation == | ||
Search for all the open nsec bugs: http://mzl.la/1SLAWum | |||
* P1: Milestone 1 (Sept 4) | * P1: Milestone 1 (Sept 4) | ||
* P2: Milestone 2 (Oct 2) | * P2: Milestone 2 (Oct 2) | ||
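Review bot: The added line "Search for all the open nsec bugs: http://mzl.la/1SLAWum" uses a shortened URL, so a reader cannot see what it points to before clicking or tell when it has gone stale. Suggest linking the full query URL with a descriptive label in wiki link syntax, and spelling out "nsec" on first use.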
| Line 141: | Line 143: | ||
"blocks": 1153420, | "blocks": 1153420, | ||
"resolution": "---", | "resolution": "---", | ||
"include_fields": "id, priority, summary, status, assigned_to,resolution", | "include_fields": "id, priority, summary, status, assigned_to,resolution,milestone", | ||
"order": "bug_id " | "order": "bug_id " | ||
} | } | ||
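Review bot: The new value "id, priority, summary, status, assigned_to,resolution,milestone" mixes comma-space and bare-comma separators, and this query's "order": "bug_id " carries a trailing space that the later queries ("order": "bug_id") do not. Suggest normalizing both while these lines are being touched; the same include_fields edit repeats in each of the queries that follow. This is also the only query shown with "resolution": "---", so if the other lists are meant to show open bugs only, they need the same filter.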
| Line 150: | Line 152: | ||
{ | { | ||
"blocks": 1153422, | "blocks": 1153422, | ||
"include_fields": "id, priority, summary, status, assigned_to,resolution", | "include_fields": "id, priority, summary, status, assigned_to,resolution,milestone", | ||
"order": "bug_id" | "order": "bug_id" | ||
} | } | ||
| Line 160: | Line 162: | ||
{ | { | ||
"blocks": 1153423, | "blocks": 1153423, | ||
"include_fields": "id, priority, summary, status, assigned_to,resolution", | "include_fields": "id, priority, summary, status, assigned_to,resolution,milestone", | ||
"order": "bug_id" | "order": "bug_id" | ||
} | } | ||
| Line 170: | Line 172: | ||
{ | { | ||
"blocks": 1153428, | "blocks": 1153428, | ||
"include_fields": "id, priority, summary, status, assigned_to,resolution", | "include_fields": "id, priority, summary, status, assigned_to,resolution,milestone", | ||
"order": "bug_id" | "order": "bug_id" | ||
} | } | ||
| Line 180: | Line 182: | ||
{ | { | ||
"blocks": 1153432, | "blocks": 1153432, | ||
"include_fields": "id, priority, summary, status, assigned_to,resolution", | "include_fields": "id, priority, summary, status, assigned_to,resolution,milestone", | ||
"order": "bug_id" | "order": "bug_id" | ||
} | } | ||
| Line 190: | Line 192: | ||
{ | { | ||
"blocks": 1153433, | "blocks": 1153433, | ||
"include_fields": "id, priority, summary, status, assigned_to,resolution", | "include_fields": "id, priority, summary, status, assigned_to,resolution,milestone", | ||
"order": "bug_id" | "order": "bug_id" | ||
} | } | ||
| Line 200: | Line 202: | ||
{ | { | ||
"blocks": "1153435,1163254,1179985", | "blocks": "1153435,1163254,1179985", | ||
"include_fields": "id, priority, summary, status, assigned_to,resolution", | "include_fields": "id, priority, summary, status, assigned_to,resolution,milestone", | ||
"order": "bug_id" | "order": "bug_id" | ||
} | } | ||
</bugzilla> | </bugzilla> | ||
== 2.5 Sprint Status == | |||
*[https://wiki.mozilla.org/FirefoxOS/New_security_model/FxOS_2.5_Scrum FxOS 2.5 Scrum Status] | |||
*[https://wiki.mozilla.org/FirefoxOS/New_security_model/2.5_Status 2.5 Status] | |||
== Meeting Note == | |||
*[https://wiki.mozilla.org/FirefoxOS/New_security_model/Meetings Meeting Notes] | |||
== References == | |||
*[https://wiki.mozilla.org/FirefoxOS/New_security_model/Getting_Started_with_Signed_Packages Getting Started with Signed Packages] | |||
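Review bot: The added heading "== Meeting Note ==" is singular while the link under it is labeled "Meeting Notes"; suggest "== Meeting Notes ==". The new list items are written as "*[https://..." with no space after the bullet, unlike the "* P1: Milestone 1" items earlier on the page, so add the space for consistency. If these target pages live on the same wiki as this page, internal link syntax would be more robust than full https URLs in external-link form.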