Closed Bug 1532926 Opened 6 years ago Closed 6 years ago

Perform a security review of glean's `GleanDebugActivity`

Categories

(Toolkit :: Telemetry, defect, P1)

Product:
Toolkit
Component:
Telemetry
Type:
defect
Points:
1

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox67 --- affected

People

(Reporter: Dexter, Assigned: Dexter)

References

Details

(Whiteboard: [telemetry:mobilesdk:m7])

The GleanDebugActivity is shipped in the release version of the library to help with QA and problem diagnosis. However, other applications could manually start this activity and this might be a potential security problem.

This bug is for discussing any potential issue with this feature and, if required, take the appropriate actions to mitigate risks.

Blocks: 1522430, 1525333
Priority: -- → P3
Whiteboard: [telemetry:mobilesdk:m7]

Hi Daniel! Is there any additional action that should be taken on our end with respect to the security review that we held together on March the 12th?

Can the document be shared here and this bug closed? Or do we need to do anything else to formally close the process?

Assignee: nobody → alessio.placitelli
Points: --- → 1
Flags: needinfo?(dveditz)
Priority: P3 → P1

All right, dumping the docs here. I'm closing this as FIXED, but I'll leave the ni? around for Dan:

Review Request
Action Items

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED

(In reply to Alessio Placitelli [:Dexter] from comment #2)

All right, dumping the docs here. I'm closing this as FIXED, but I'll leave the ni? around for Dan:

Review Request
Action Items

Clearing the ni?: as discussed in the meeting (and highlighted in the docs), there was no major security risk there.

Flags: needinfo?(dveditz)
See Also: → 1599834
You need to log in before you can comment on or make changes to this bug.