WebAPI/Security/TCPSocket: Difference between revisions
Ptheriault (talk | contribs)
Revision as of 21:51, 6 August 2012
Name of API: Socket API
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=733573
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Asm37KDoVB4/discussion
Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients, etc.
General Use Cases: None
Inherent threats: Malicious apps attacking internal systems (firewall bypass), local device access
Threat severity: High
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations: N/A
Privileged (approved by app store)
Use cases: Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols
Authorization model: Implicit
Potential mitigations:
- Firewall should prohibit access to privileged low number OS ports (<1024).
- Listening on a port < 1024 should be prohibited.
- Specify hosts/ports in the manifest, permissions granted implicitly. User can modify permissions?
Certified (system-critical apps)
- Use cases: Open a connection to any domain/port
- Authorization model: Implicit
- Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)
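The mitigations listed for privileged and certified apps can be expressed as a single policy check, shown here as an added example that is not part of the original page and not Mozilla's implementation. The manifest shape, the app-type strings and the function name are hypothetical, and the example assumes the low-port rule for privileged apps applies to both outbound connections and listening sockets.

```javascript
'use strict';
// Added example. The manifest shape
// ({ connect: [{ host, ports }], listen: [ports] }) and the app-type strings
// are hypothetical; the page does not define a manifest syntax.
const LOW_PORT_LIMIT = 1024;

const deny = (reason) => ({ allow: false, reason });
const allow = () => ({ allow: true, reason: 'declared in manifest' });

// request: { action: 'connect' | 'listen', host, port }
function checkSocketRequest(appType, manifest, request) {
  const { action, host, port } = request;
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    return deny('invalid port');
  }
  // Regular web content has no authorization model for this API.
  if (appType !== 'privileged' && appType !== 'certified') {
    return deny('socket API unavailable to unauthenticated content');
  }
  // Assumption: for privileged apps the low-port rule covers both outbound
  // connections and listening sockets.
  if (appType === 'privileged' && port < LOW_PORT_LIMIT) {
    return deny('ports below 1024 are prohibited for privileged apps');
  }
  if (action === 'listen') {
    return (manifest.listen || []).includes(port)
      ? allow() : deny('listen port not declared in manifest');
  }
  if (action === 'connect') {
    const wanted = String(host).toLowerCase();
    const declared = (manifest.connect || []).some(
      (e) => e.host.toLowerCase() === wanted && e.ports.includes(port));
    return declared ? allow() : deny('host/port not declared in manifest');
  }
  return deny('unknown action');
}

// Constructed sample manifest for a privileged app using a custom protocol.
const chatApp = { connect: [{ host: 'chat.example.org', ports: [5222, 25] }] };

console.log(checkSocketRequest('privileged', chatApp,
  { action: 'connect', host: 'chat.example.org', port: 5222 }));
console.log(checkSocketRequest('privileged', chatApp,
  { action: 'connect', host: '192.168.0.1', port: 8080 }));
console.log(checkSocketRequest('privileged', chatApp,
  { action: 'connect', host: 'chat.example.org', port: 25 }));
```

Under this reading, a privileged app is refused port 25 even when its manifest declares it, so the low-port rule takes precedence over the manifest allow-list.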