Bug 1208847
Add telemetry to measure how often secure cookies are set from non-secure origins
Status: RESOLVED FIXED (opened 10 years ago, closed 10 years ago)
Categories: Core :: Networking: Cookies, defect
Target milestone: mozilla44
Reporter: rbarnes, Assigned: rbarnes
Attachments (1 file): 3.08 KB, patch; mcmanus: review+, lizzard: approval-mozilla-aurora+, lizzard: approval-mozilla-beta+
Some recent research highlights risks that arise from non-secure origins being able to set secure cookies.
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-zheng-updated.pdf
As a prelude to making any changes to cookie handling rules, we should add a telemetry probe to see how often this happens in practice. (For completeness, though, let's measure the whole matrix of cookie/origin secure/nonsecure.)
Comment 1 • 10 years ago (Assignee)
Assignee: nobody → rlb
Status: NEW → ASSIGNED
Attachment #8666474 - Flags: review?(mcmanus)
Attachment #8666474 - Flags: feedback?(vladan.bugzilla)
Updated • 10 years ago
Attachment #8666474 - Flags: review?(mcmanus) → review+
Comment 2 • 10 years ago
Comment on attachment 8666474 [details] [diff] [review]
bug-1208847.0.patch
Review of attachment 8666474 [details] [diff] [review]:
-----------------------------------------------------------------
::: toolkit/components/telemetry/Histograms.json
@@ +7563,5 @@
> "description": "How often would blocked mixed content be allowed if HSTS upgrades were allowed? 0=display/no-HSTS, 1=display/HSTS, 2=active/no-HSTS, 3=active/HSTS"
> },
> + "COOKIE_SCHEME_SECURITY": {
> + "alert_emails": ["seceng@mozilla.org"],
> + "expires_in_version": "50",
can we make this expire sooner since it's opt-out?
@@ +7566,5 @@
> + "alert_emails": ["seceng@mozilla.org"],
> + "expires_in_version": "50",
> + "kind": "enumerated",
> + "n_values": 10,
> + "releaseChannelCollection": "opt-out",
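Review bot: "n_values": 10 leaves more buckets than the measurement described in this bug needs, since the matrix of cookie secure/non-secure by origin secure/non-secure has four combinations. The probe's description should list what each bucket value means, in the style of the entry just above it ("0=display/no-HSTS, 1=display/HSTS, ..."), and say whether the remaining values are unused headroom, so that whoever reads the histogram can tell which bucket is "secure cookie set from a non-secure origin".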
since this is opt-out, i have to ask what is the expected user-benefit from this probe? making users more secure by potentially blocking secure cookies from non-secure origins?
who will be monitoring the data collected by this probe?
Attachment #8666474 - Flags: feedback?(vladan.bugzilla)
Comment 3 • 10 years ago (Assignee)
(In reply to Vladan Djeric (:vladan) -- please needinfo! from comment #2)
> Comment on attachment 8666474 [details] [diff] [review]
> bug-1208847.0.patch
>
> Review of attachment 8666474 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> ::: toolkit/components/telemetry/Histograms.json
> @@ +7563,5 @@
> > "description": "How often would blocked mixed content be allowed if HSTS upgrades were allowed? 0=display/no-HSTS, 1=display/HSTS, 2=active/no-HSTS, 3=active/HSTS"
> > },
> > + "COOKIE_SCHEME_SECURITY": {
> > + "alert_emails": ["seceng@mozilla.org"],
> > + "expires_in_version": "50",
>
> can we make this expire sooner since it's opt-out?
It's hard to say how soon we'll be able to make the judgement on whether we can take action here. I'd prefer to give ourselves some runway.
> @@ +7566,5 @@
> > + "alert_emails": ["seceng@mozilla.org"],
> > + "expires_in_version": "50",
> > + "kind": "enumerated",
> > + "n_values": 10,
> > + "releaseChannelCollection": "opt-out",
>
> since this is opt-out, i have to ask what is the expected user-benefit from
> this probe? making users more secure by potentially blocking secure cookies
> from non-secure origins?
Precisely. Since security changes often break things (the change being considered here is known to break some stuff), we need really solid telemetry before we make changes.
> who will be monitoring the data collected by this probe?
Security engineering team, e.g., me, :ckerschb.
Comment 5 • 10 years ago (Assignee)
Comment on attachment 8666474 [details] [diff] [review]
bug-1208847.0.patch
Approval Request Comment
[Feature/regressing bug #]: Gather information about secure cookie usage (see link in bug for security research)
[User impact if declined]: Slower reaction to risks noted in the bug
[Describe test coverage new/current, TreeHerder]: manual verification of correct data collection, https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=b9496d4f7bfd
[Risks and why]: Low risk; small change to cookie setting code
[String/UUID change made/needed]: None
Attachment #8666474 - Flags: approval-mozilla-beta?
Attachment #8666474 - Flags: approval-mozilla-aurora?
Comment 6 • 10 years ago
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox44: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Comment 7 • 10 years ago
Comment on attachment 8666474 [details] [diff] [review]
bug-1208847.0.patch
Approved for aurora and beta, this should show up in beta 3.
Attachment #8666474 - Flags: approval-mozilla-beta?
Attachment #8666474 - Flags: approval-mozilla-beta+
Attachment #8666474 - Flags: approval-mozilla-aurora?
Attachment #8666474 - Flags: approval-mozilla-aurora+
Updated • 10 years ago
status-firefox42: --- → affected
status-firefox43: --- → affected
Comment 8 • 10 years ago
Comment 9 • 10 years ago