Closed
Bug 1140393
Opened 10 years ago
Closed 8 years ago
Randomize nfcd socket name
Categories
(Firefox OS Graveyard :: NFC, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: tzimmermann, Assigned: tzimmermann)
Attachments
(1 file)
This is a follow-up bug for bug 1109592. Gecko should randomize the name of the nfcd socket for improved reliability and security.
Assignee
Comment 1•10 years ago
The idea of this patch is to append a random string to the nfcd socket name. This prevents name collisions with other (stale) sockets, and makes it a lot harder for malicious processes to capture the socket name.
Attachment #8573919 -
Flags: review?(allstars.chh)
Attachment #8573919 -
Flags: feedback?(dlee)
Comment 2•10 years ago
Comment on attachment 8573919 [details] [diff] [review]
[01] Bug 1140393: Append random postfix to nfcd socket name
Review of attachment 8573919 [details] [diff] [review]:
-----------------------------------------------------------------
Hi Thomas,
The coding part looks good to me.
But I am not a security expert, so I don't think I can provide any suggestion or comment here.
Attachment #8573919 -
Flags: feedback?(dlee)
I'd like to know in more detail what kind of security problem we'd like to fix here.
Assignee
Comment 4•10 years ago
Hi,
Let me emphasize that this patch is more about reliability and less about security.
With the patches in bug 1109592, |NfcService| will create a socket with the fixed address 'nfcd'. If that address is already present on the device, NFC startup probably fails or gives incorrect results.
There are a number of reasons why a socket with this address might be present.
1) If there's a bug in the shutdown code or if Gecko crashes, a stale open socket with the address 'nfcd' might remain in the system's kernel. Mind that a listen socket's address is not immediately released within the kernel if the socket is not accessible any more. Restarting NFC would fail to bind its new listen socket to that address until the kernel released the address after some time (a few minutes).
2) Another case is a malicious process on the system that tries to block or capture NFC data transfers between Gecko and NFC. To block, it would just create a socket with the address 'nfcd' and prevent Gecko from doing the same; to capture, it could connect to Gecko's listen socket before nfcd can do so.
The patch does not give reliable authentication between Gecko and nfcd, but randomizing the socket's address makes it almost impossible to interfere with the connection setup; neither in the case of stale sockets nor in the case of a malicious process.
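The name collision described in comment 4 and the effect of a random postfix, as an added example that is not the patch attached to this bug. It assumes Linux abstract-namespace AF_UNIX addresses; `listen_abstract`, `random_socket_name`, the name `nfcd-demo` and the 16-byte hex postfix are hypothetical choices, and how the peer learns the randomized name is out of scope.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind and listen on a Linux abstract-namespace address; returns fd or -errno. */
static int listen_abstract(const char *name)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    size_t len = strlen(name);
    if (len + 1 > sizeof(addr.sun_path))
        return -ENAMETOOLONG;
    memcpy(addr.sun_path + 1, name, len);   /* sun_path[0] stays NUL: abstract */
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    socklen_t alen = (socklen_t)(sizeof(sa_family_t) + 1 + len);
    int rc = (bind(fd, (struct sockaddr *)&addr, alen) < 0 || listen(fd, 1) < 0) ? -errno : fd;
    if (rc < 0)
        close(fd);
    return rc;
}

/* Hypothetical naming scheme: "<base>-" followed by 16 random bytes as hex. */
static int random_socket_name(const char *base, char *out, size_t outlen)
{
    unsigned char rnd[16];
    int off = snprintf(out, outlen, "%s-", base);
    if (off < 0 || (size_t)off + 2 * sizeof(rnd) + 1 > outlen)
        return -ENAMETOOLONG;
    if (getrandom(rnd, sizeof(rnd), 0) != (ssize_t)sizeof(rnd))
        return -EIO;
    for (size_t i = 0; i < sizeof(rnd); i++)
        snprintf(out + off + 2 * i, 3, "%02x", rnd[i]);
    return 0;
}

int main(void)
{
    char name[64];
    int taken = listen_abstract("nfcd-demo");   /* stands in for a stale or foreign socket */
    int fixed = listen_abstract("nfcd-demo");   /* same fixed name: -EADDRINUSE */
    int fresh = random_socket_name("nfcd-demo", name, sizeof(name)) ? -EIO : listen_abstract(name);
    printf("taken=%d fixed=%d fresh=%d\n", taken, fixed, fresh);
    return !(taken >= 0 && fixed == -EADDRINUSE && fresh >= 0);
}
```

As the comment above says of the patch, a random name only avoids collisions and guessing of the address; it does not authenticate the peer that connects.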
Comment on attachment 8573919 [details] [diff] [review]
[01] Bug 1140393: Append random postfix to nfcd socket name
Bug 1109592 has caused blockers and it now has problems on the emulator (Bug 1164786).
We don't have enough resources to fix them now,
so I cancel r? until this gets more stable or we have more resources.
Attachment #8573919 -
Flags: review?(allstars.chh)
Assignee
Updated•8 years ago
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX