Closed
Bug 983363
Opened 10 years ago
Closed 7 years ago
Don't ship debug IAC rules into production
Categories
(Core :: DOM: Device Interfaces, defect)
Core
DOM: Device Interfaces
Tracking
()
RESOLVED
INCOMPLETE
2.0 S4 (20june)
People
(Reporter: ggp, Unassigned)
References
Details
Attachments
(1 file)
Find My Device uses the Inter-App Communication (IAC) API to receive fake commands from a test app. This is only necessary during tests.
The IAC API allows an app to establish rules specifying which other apps it wants to communicate with, by listing in its manifest.webapp the URLs of the manifests of the other apps it is interested in.
We currently have the following two rules in our manifest.webapp, in order to communicate with the test app:
"app://test-findmydevice.gaiamobile.org/manifest.webapp",
"http://test-findmydevice.gaiamobile.org:8080/manifest.webapp"
These URLs, however, could potentially be spoofed by a different app when the test app is not installed, which happens in production builds. Such app could then gain control over Find My Device. Thus, these rules should be removed from production builds.
See https://bugzilla.mozilla.org/show_bug.cgi?id=938901#c27 for a possible security flaw involving this.
|
Reporter | |
Comment 1•10 years ago
|
||
Just noticed that the build system (specifically, build/webapp-manifests.js) is now smart enough to replace the rules in the manifest with the debugging ones if necessary. So we can just remove the hard-coded debug rules now.
Attachment #8406395 -
Flags: review?(21)
|
||
Comment 2•10 years ago
|
||
Let's also keep this bug opened once the first part of the patch lands since app:// can still be spoofed.
Attachment #8406395 -
Flags: review?(21) → review+
|
|
Reporter | |
Updated•10 years ago
|
Keywords: checkin-needed,
leave-open
|
||
Comment 3•10 years ago
|
||
Master: https://github.com/mozilla-b2g/gaia/commit/badf2a6f6d4f4507ce45c0f56f573812fe8ae048
Assignee: nobody → ggoncalves
Keywords: checkin-needed
|
|
||
Updated•10 years ago
|
Attachment #8406395 -
Attachment description: bug 983363 - remove IAC debug rules from find my device → bug 983363 - remove IAC debug rules from find my device [checkin: comment 3]
Gene, could you look at this?
Flags: needinfo?(gene.lian)
|
||
Updated•10 years ago
|
Target Milestone: --- → 2.0 S1 (9may)
|
||
Comment 5•10 years ago
|
||
This one seems to be a Gaia bug. Anyway, although we allow app's manifest to define its own IAC rules, we haven't opened IAC to non-certified apps, which means even if the rules work, it only works for two certified apps to communicate with each other with limitations.
|
|
||
Updated•10 years ago
|
Flags: needinfo?(gene.lian)
|
|
||
Updated•10 years ago
|
Target Milestone: 2.0 S1 (9may) → 2.0 S3 (6june)
|
|
||
Updated•10 years ago
|
blocking-b2g: --- → 2.0?
|
|
||
Updated•10 years ago
|
Target Milestone: 2.0 S3 (6june) → 2.0 S4 (20june)
|
||
Updated•10 years ago
|
blocking-b2g: 2.0? → 2.0+
|
||
Updated•10 years ago
|
Assignee: ggoncalves → nobody
Assignee: nobody → gene.lian
Component: FindMyDevice → DOM: Device Interfaces
Product: Firefox OS → Core
It seems like this doesn't affect us shipping FMD since it is restricted to certified apps on. Correct Gene?
Flags: needinfo?(gene.lian)
|
|
||
Comment 8•10 years ago
|
||
Yes! Correct! IAC doesn't work at all on the non-certified apps. I don't know what else Gecko can support on this bug? Isn't this a pure Gaia bug? May we just close this bug since comment #1 lands? needinfo :gpp. Please correct me if I'm wrong. Thanks! Btw, the way of specifying the manifestURLs in the manifest.webapp is going to be disabled under way (bug 1019493).
Assignee: gene.lian → nobody
Flags: needinfo?(gene.lian) → needinfo?(ggoncalves)
|
|
Reporter | |
Comment 9•10 years ago
|
||
I think there are two possible courses of action for this bug, depending on whether bug 1019493 lands or not, as I can see people still have (justifiable) second thoughts about it. If it lands, then it looks like we can just remove manifestURLs from FMD's manifest and be done with it. If it doesn't, then yes, this remains an issue, but it seems to me that it can be solved by making Gaia's build system smart enough to remove these rules as needed, so I don't think we need anything from Gecko. I also agree that this isn't a major issue right now given that IAC only works for certified apps; however, if the outcome of bug 1019493 is that this restriction doesn't provide enough security, then of course we should follow suit and get this fixed on Gaia as soon as possible.
Depends on: 1019493
Flags: needinfo?(ggoncalves)
|
||
Comment 10•10 years ago
|
||
Bug 1019493 comment 15 confirms we will never attempt to expose IAC to non-certified apps and the patches there seem likely to land. Should we just let bug 1019493's resolution work for this bug, too, and drop the 2.0 blocker here?
Flags: needinfo?(ggoncalves)
|
|
Reporter | |
Comment 11•10 years ago
|
||
I'm OK with that. Once bug 1019493 lands, we should be free to just remove the manifestURLs from our manifest, and I don't think we need to block on this anymore.
Flags: needinfo?(ggoncalves)
|
|
||
Comment 12•10 years ago
|
||
Sounds good. I'll remove the blocking flag here while we wait for bug 1019493 to be resolved.
blocking-b2g: 2.0+ → ---
|
|
||
Updated•10 years ago
|
Flags: needinfo?(elancaster)
|
||
Comment 13•7 years ago
|
||
Cleaning up Device Interfaces component, and mass-marking old FxOS bugs as incomplete. If any of these bugs are still valid, please let me know.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
|
||
Comment 14•6 years ago
|
||
Removing leave-open keyword from resolved bugs, per :sylvestre.
Keywords: leave-open
You need to log in
before you can comment on or make changes to this bug.
Description
•