Closed Bug 1085309 Opened 11 years ago Closed 8 years ago

udp socket api should not allow access to privileged ports (i.e. < 1024)

Categories

(Core :: DOM: Device Interfaces, defect)

Product:
Core
Component:
DOM: Device Interfaces
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: freddy, Unassigned)

References

Details

Attachments

(1 file)

[WIP] privileged-port-for-certified-app-only.patch
3.31 KB, patch
Details | Diff | Splinter Review
I am a bit concerned about the UDPSocket API, and want to start a discussion about its capabilities. Since it allows specifying arbitrary source and and destination ports, an app using this API may be seen as authorized to speak on behalf of the device on the network. This also includes requesting or releasing DHCP leases for example. I was wondering if we should restrict specifying a source port as well as specifying a destination port below 1024 should be limited to certified apps.
If you do this, I assume that certified apps and chrome code can still do it? Since there is so much discussion about extending the DNS service to support SRV, I was thinking of writing a DNS client with UDPSocket and using this in chrome code.
That's the suggestion: UDPSocket with random source port to destination port >1024: privileged apps UDPSocket with specific source port and arbitrary destination port: certified apps (and chrome code)
So you don't trust the review process to prevent bad things from happening?
Because this may prevent legitimate uses for privileged apps too, and that's not cool.
Looks like this is related to apps, which no longer exists. API still exists but is marked ChromeOnly. Marking incomplete.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: