Closed Bug 1153435 (nsec-origins) Opened 5 years ago Closed 3 years ago

[META] Tracking bug for Origins and Cookie Jars implementation of New Security Model

Categories

(Firefox OS Graveyard :: General, defect, P1)

x86
macOS
defect

Tracking

(Not tracked)

RESOLVED WONTFIX
FxOS-S10 (30Oct)

People

(Reporter: jgong, Unassigned)

References

Details

(Whiteboard: [newsecurity])

User Story

This is a V3 initiative for a New Security Model.  https://wiki.mozilla.org/FirefoxOS/New_security_model

This Meta Bug is for tracking the "Origins and Cookie Jars" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#Origins_and_cookie_jars

*****
Origins and Cookie Jars

The biggest change here is that we should stop always using different cookie jars for different apps. In particular normal unsigned content should always use the same cookie jar no matter which app it belongs to.

However signed packages will get their own cookie jars. So a signed package will not share cookies, IndexedDB data, etc with unsigned content from the same domain. It will also not share data with other signed packages from the same domain. This is to ensure that unsigned content from the same domain can't read for example sensitive data that the signed content has cached in IndexedDB.
This is a V3 initiative for a New Security Model.  https://wiki.mozilla.org/FirefoxOS/New_security_model

This Meta Bug is for tracking the "Origins and Cookie Jars" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#Origins_and_cookie_jars
User Story: (updated)
No longer depends on: nsec-sw
Blocks: nsec
Blocks: nsec-signing
Blocks: nsec-verify
No longer depends on: nsec-verify
Blocks: nsec-signing
No longer depends on: nsec-signing
No longer depends on: nsec-isolation
Blocks: nsec-sw
No longer depends on: nsec-sw
Blocks: nsec-csp
No longer depends on: nsec-csp
No longer depends on: nsec-installing
Blocks: 1153449
Whiteboard: [NewSecurity] → [newsecurity]
Priority: -- → P1
I have one question regarding the new use of cookie jar: If we don't split
cookies to different apps, will [1] still valid? If it's the expected behavior,
should we also apply the same rule to cache, local storage, etc? (like a reverse
work to Bug 756644) Thanks!

[1] https://developer.mozilla.org/en-US/Firefox_OS/Security/Application_security#Apps_can%27t_open_each_other
Yes, the goal is that all "apps" that the user sees will have the same cookie jar, which means that one "app" can launch another "app" by simply navigating to it.

Though really we're entirely removing the concept of "apps" and just using "web content" instead. Hence I'm stopping to use the word "app" entirely and instead simply use "content".

So a lot of what's on [1] will need to be changed. Including the title of the page since we no longer will have "Application"s.

[1] https://developer.mozilla.org/en-US/Firefox_OS/Security/Application_security
Yoshi or Bobby, can you add the neccessary dependencies to this bug. I believe there's a whole host of bugs filed for moving various APIs over the OriginAttributes.
(In reply to Jonas Sicking (:sicking) from comment #3)
> Yoshi or Bobby, can you add the neccessary dependencies to this bug. I
> believe there's a whole host of bugs filed for moving various APIs over the
> OriginAttributes.

That's bug 1179985.
So none of the dependent bugs here actually cover the de-jar-ification of cookies/sessionstorage/etc.  I'm marking those as dependencies.

 Is that covered by bug 1165267, or should I open a new bug?  I also assume we should mark bug 1165277 (sessionStorage), bug 1165269 (HTTP cache), and bug 1165256 (appcache, if we actually care about the appcache on B2G?) as dependencies of this bug?
Flags: needinfo?(jonas)
Ignore the 2nd paragraph of the last comment--forgot to delete that text.
Flags: needinfo?(jonas)
blocking-b2g: --- → 2.5+
blocking-b2g: 2.5+ → ---
Depends on: 1168777
I accidentally remove the 2.5+ flag but cannot turn it back again. 
Sorry Paul can you help to make it 2.5+ again?

Thanks
Flags: needinfo?(ptheriault)
Component: Security → General
Flags: needinfo?(ptheriault)
Product: Firefox → Firefox OS
Target Milestone: --- → FxOS-S10 (30Oct)
blocking-b2g: --- → 2.5+
Depends on: 1201042
blocking-b2g: 2.5+ → ---
Depends on: 1213577
Depends on: 1214071
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.