Security/ReviewTemplate: Difference between revisions
< Security
Jump to navigation
Jump to search
| Line 33: | Line 33: | ||
* Does it change any existing interfaces? | * Does it change any existing interfaces? | ||
== Module interactions == | == Module/Library interactions == | ||
* What other modules are used (REQUIRES in the makefile, interfaces)? | * What other modules are used (REQUIRES in the makefile, interfaces)? | ||
* What third-party libraries are used (.so, .dll, source code libraries/modules, etc)? | |||
** Have these third-party sources been reviewed for security? | |||
== Data == | == Data == | ||
Revision as of 16:46, 7 October 2010
Security Review Pre-Work
Please fill our the short section below prior to the review, and make sure you contact security@mozilla.org to schedule your actual review.
Overview
Describe the goals and objectives of the feature here.
- Background links
- feature-tracking bug links
- specs or design docs
Threats
Please list the top 3 security threats you have considered during the design and implementation of this feature. What mitigations have you implemented?
- Threat 1
- Threat 2
- Threat 3
Topics To Discuss During The Review
Please be prepared to discuss the following topics as they relate to your feature / project. To the degree you can answer some of these questions prior to the review it will speed up the process, but its not a requirement.
Security and Privacy
- Is this feature a security feature? If it is, what security issues is it intended to resolve?
- Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.
- How are transitions in/out of Private Browsing mode handled?
- Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
- If any content or UI is displayed to the user, in what context is that content presented? Does it have chrome privileges, for example?
- Does the feature include any new cryptographic functions or other security-critical code? Has this code been reviewed and verified by someone familiar with the theory or principles behind it?
Exported APIs
- Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
- Does it interoperate with a web service? How will it do so?
- Explain the significant file formats, names, syntax, and semantics.
- Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
- Does it change any existing interfaces?
Module/Library interactions
- What other modules are used (REQUIRES in the makefile, interfaces)?
- What third-party libraries are used (.so, .dll, source code libraries/modules, etc)?
- Have these third-party sources been reviewed for security?
Data
- What data is read or parsed by this feature?
- What is the output of this feature?
- What storage formats are used?
Reliability
- What failure modes or decision points are presented to the user?
- Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
Configuration
- Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
- Are there build options for developers? [#ifdefs, ac_add_options, etc.]
- What ranges for the tunable are appropriate? How are they determined?
- What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
Relationships to other projects
Are there related projects in the community?
- If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
- Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?