Application Reputation: disable remote lookup of zip files on Mac and Linux

VERIFIED FIXED in Firefox 39

Status

()

defect
VERIFIED FIXED
4 years ago
4 years ago

People

(Reporter: francois, Assigned: francois)

Tracking

(Blocks 1 bug)

39 Branch
mozilla41
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox39+ fixed, firefox40+ fixed, firefox41 verified)

Details

Attachments

(1 attachment, 1 obsolete attachment)

Assignee

Description

4 years ago
Until bug 1167040 is fixed, we should avoid remote lookups on Mac and Linux for zip files.

My reasoning behind this quick work-around:

- We have always (incorrectly) done remote lookup of all zip files on Windows, so it's not a regression on that platform.
- If we disable all zip file remote lookups on Windows, we will miss some malware.
- We've never had any remote lookups on Mac and Linux in release so even with zip files disabled, we're increasing the coverage on those platforms.
Assignee

Comment 1

4 years ago
/r/9243 - Bug 1167493 - Application Reputation: disable remote lookup of zip files on Mac and Linux

Pull down this commit:

hg pull -r fcf2ae3fb6128fbe9839155b408d893fbf7c1c78 https://reviewboard-hg.mozilla.org/gecko/
Attachment #8609179 - Flags: review?(gpascutto)
Assignee

Updated

4 years ago
Assignee: nobody → francois
Status: NEW → ASSIGNED
Assignee

Updated

4 years ago
QA Contact: mwobensmith
Comment on attachment 8609179 [details]
MozReview Request: bz://1167493/francois

https://reviewboard.mozilla.org/r/9241/#review7929
Attachment #8609179 - Flags: review?(gpascutto) → review+
Assignee

Comment 5

4 years ago
[Tracking Requested - why for this release]: We're not supposed to send metadata about zip files to the remote lookup server unless they contain executable files. Since we are introducing remote lookups on Mac/Linux in 39, we should avoid doing the wrong thing there. On Windows, we've always done it wrong so we can wait for the proper fix as it's not a regression.
https://hg.mozilla.org/mozilla-central/rev/8eb4eb328849
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
Tracking for Firefox40. Francois, could you also add a request to uplift this to mozilla-aurora? It's the tracking flag approval-aurora. Thanks.

After this fix gets stabilized in FF40, we can consider tracking it for FF39. Leaving FF39 flag unchanged.
I don't mind just tracking it now for 39. 
Is this a regression on mac and linux?  If so is it pretty recent? Do we know when it broke?
Flags: needinfo?(francois)
Verified fixed 2015-05-26. 

Monitoring network traffic before and after the patch shows that the safe browsing lookup no longer happens upon downloading the ZIP file.
Status: RESOLVED → VERIFIED
Assignee

Comment 10

4 years ago
This is a regression in 39 on Mac/Linux because prior to bug 1111741 being fixed there were no download lookups at all on those platforms. Windows has always had them (wrongly), so it's not a regression.
Flags: needinfo?(francois)
Assignee

Comment 11

4 years ago
Comment on attachment 8609179 [details]
MozReview Request: bz://1167493/francois

Approval Request Comment
[Feature/regressing bug #]: https://bugzilla.mozilla.org/show_bug.cgi?id=1111741
[User impact if declined]: privacy leak as metadata about all downloaded zip files will be submitted to the remote lookup server. also, the service provider has asked us to avoid sending these lookups to their server.
[Describe test coverage new/current, TreeHerder]: manual tests
[Risks and why]: can't think of any. it only affects mac and linux and these platforms have never had remote lookups in a release.
[String/UUID change made/needed]: none
Attachment #8609179 - Flags: approval-mozilla-beta?
Attachment #8609179 - Flags: approval-mozilla-aurora?
Comment on attachment 8609179 [details]
MozReview Request: bz://1167493/francois

Verified, low risk, new feature, taking it.
Attachment #8609179 - Flags: approval-mozilla-beta?
Attachment #8609179 - Flags: approval-mozilla-beta+
Attachment #8609179 - Flags: approval-mozilla-aurora?
Attachment #8609179 - Flags: approval-mozilla-aurora+
Assignee

Comment 15

4 years ago
Attachment #8609179 - Attachment is obsolete: true
Attachment #8620351 - Flags: review+
You need to log in before you can comment on or make changes to this bug.