Security/Reviews/SnappySymbolSrv: Difference between revisions
No edit summary |
mNo edit summary |
||
| Line 10: | Line 10: | ||
* Used by telemetry to symbolicate chrome hangs when the browser is froozen | * Used by telemetry to symbolicate chrome hangs when the browser is froozen | ||
** uses a build flag that can be disabled | ** uses a build flag that can be disabled | ||
Server code: https://github.com/vdjeric/Snappy-Symbolication-Server/ | |||
|SecReview alt solutions=* Running a symbolication script for the chrome telemetry, but does not address the need of the profiler | |SecReview alt solutions=* Running a symbolication script for the chrome telemetry, but does not address the need of the profiler | ||
* The profiler could simply download the PDBs, but because these files are so big this would significantly slow down the profiling performance. | * The profiler could simply download the PDBs, but because these files are so big this would significantly slow down the profiling performance. | ||
Revision as of 15:39, 2 April 2012
Item Reviewed
| Snappy Symbolication Server | |
| Target | https://wiki.mozilla.org/Snappy_Symbolication_Server |
{{#set:SecReview name=Snappy Symbolication Server |SecReview target=https://wiki.mozilla.org/Snappy_Symbolication_Server }}
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- Map library offsets to the function name and optionally line information
- Web application that takes as input a library name, version and address and translate them to the function name
- Uses the breakpad SYM files for this information
- Used by the profiler to symbolicate it's trace file
- Used by telemetry to symbolicate chrome hangs when the browser is froozen
- uses a build flag that can be disabled
Server code: https://github.com/vdjeric/Snappy-Symbolication-Server/
What solutions/approaches were considered other than the proposed solution?
- Running a symbolication script for the chrome telemetry, but does not address the need of the profiler
- The profiler could simply download the PDBs, but because these files are so big this would significantly slow down the profiling performance.
Why was this solution chosen?
- Solve the need of both the profiler and telemetry while performing superious user experience but not requiring users of the profiler to download several MBs of PDBs.
Any security threats already considered in the design and why?
- any significant privacy concerns?
- no, only a basic api, no identifiers passed back and forth
- this is the privacy-sensitive way to send back chromehang reports: because the stackwalking occurs on the client, we aren't sending a minidump which may contain user data (this approach chosen in response to prior decision that we could not send minidumps as part of telemetry) - no significant changes to the product code - do not want to expose Flash symbols via this API, https://bugzilla.mozilla.org/show_bug.cgi?id=732485 filed
Threat Brainstorming
- fingerprinting via crash info
- https://bugzilla.mozilla.org/show_bug.cgi?id=644762
- https://bugzilla.mozilla.org/show_bug.cgi?id=644892
- ships only in the profiling branch right now, might go to nightly at some point
- user must opt-in to 2 add-ons
- Gecko Profiler Add-on (Developped by BenWa)
- about:snappy Add-on (Developped by jmuizelaar)
{{#set: SecReview feature goal=* Map library offsets to the function name and optionally line information
- Web application that takes as input a library name, version and address and translate them to the function name
- Uses the breakpad SYM files for this information
- Used by the profiler to symbolicate it's trace file
- Used by telemetry to symbolicate chrome hangs when the browser is froozen
- uses a build flag that can be disabled
Server code: https://github.com/vdjeric/Snappy-Symbolication-Server/ |SecReview alt solutions=* Running a symbolication script for the chrome telemetry, but does not address the need of the profiler
- The profiler could simply download the PDBs, but because these files are so big this would significantly slow down the profiling performance.
|SecReview solution chosen=* Solve the need of both the profiler and telemetry while performing superious user experience but not requiring users of the profiler to download several MBs of PDBs. |SecReview threats considered=- any significant privacy concerns?
- no, only a basic api, no identifiers passed back and forth
- this is the privacy-sensitive way to send back chromehang reports: because the stackwalking occurs on the client, we aren't sending a minidump which may contain user data (this approach chosen in response to prior decision that we could not send minidumps as part of telemetry) - no significant changes to the product code - do not want to expose Flash symbols via this API, https://bugzilla.mozilla.org/show_bug.cgi?id=732485 filed |SecReview threat brainstorming=* fingerprinting via crash info
- https://bugzilla.mozilla.org/show_bug.cgi?id=644762
- https://bugzilla.mozilla.org/show_bug.cgi?id=644892
- ships only in the profiling branch right now, might go to nightly at some point
- user must opt-in to 2 add-ons
- Gecko Profiler Add-on (Developped by BenWa)
- about:snappy Add-on (Developped by jmuizelaar)
}}
Action Items
| Action Item Status | In Progress | ||||||||||||
| Release Target | ` | ||||||||||||
| Action Items | |||||||||||||
|
|||||||||||||
{{#set:|SecReview action item status=In Progress
|Feature version=`
|SecReview action items=
| Who | Action | By When | Completed date |
| curtisk | Start a privacy review of the feature/td> | by 16-Mar-2011 | [ON TRACK] https://wiki.mozilla.org/Privacy/Reviews/SnappySymbolicServer |
| TBD | code review | before migrating to Aurora | [NEW] in progress |
}}