MozillaWiki

Security/Reviews/Gaia/InterAppCommunicationAPI: Difference between revisions

Page Discussion

Security/Reviews/Gaia/InterAppCommunicationAPI (view source)

Revision as of 20:59, 3 February 2014

606 bytes removed ,  3 February 2014
→‎2. Process Segregation
 
(3 intermediate revisions by the same user not shown)
Line 118: Line 118:
=== Gecko ===
=== Gecko ===
==== 1. Content/Chrome Segregation ====
==== 1. Content/Chrome Segregation ====
DownloadsAPI is implemented using WebIDL. There was a lot of discussion around what to expose in the case when a page does not have the permission present - see [https://bugzilla.mozilla.org/show_bug.cgi?id=957592 bug 957592] for details.
TBD


==== 2. Process Segregation ====
==== 2. Process Segregation ====
Inter-process communication is performed through DownloadsIPC.jsm & DownloadsAPI.jsm. We are mainly interested in the message which the parent listens for:
The message which the parent listens for:
* Downloads:GetList
* Webapps:Connect
* Downloads:ClearAllDone
* Webapps:GetConnections
* Downloads:Remove
* InterAppConnection:Cancel
* Downloads:Pause
* InterAppMessagePort:PostMessage
* Downloads:Resume
* InterAppMessagePort:Register
* InterAppMessagePort:Unregister
* child-process-shutdown


Permissions are checked in the parent before processing any messages, using the standard approach:
There is no permission associated with Inter App Communications, so we do not have the assertPermission() check in the parent.


  144  receiveMessage: function(aMessage) {
The parent process prevents a compromised child process from sending messages to the parent by verifying the manifestURL sent in the message matches the manifest URL of the publishing app.
  145    if (!aMessage.target.assertPermission("downloads")) {
  146      debug("No 'downloads' permission!");
  147      return;
  148    }
 
One issue was identified in the way the message was processed however - see bug [https://bugzilla.mozilla.org/show_bug.cgi?id=966141 966141] for details.


==== 3. Data validation & Sanitization ====
==== 3. Data validation & Sanitization ====
The API accepts only minimal data from content, and as such the attack surface is very small, and no issues were found.
TBD


====4. Denial of Service ====
====4. Denial of Service ====
[https://bugzilla.mozilla.org/show_bug.cgi?id=960739 960739] was identified as a potential DoS scenario.
TBD


== Concerns (To-Delete) ==
== Concerns (To-Delete) ==
Rfletcher
Confirmed users
353

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/912281...914794"