Closed Bug 1539300 Opened 5 years ago Closed 4 years ago

AAarch64 Security Testing actions

Categories

(Firefox Graveyard :: Security: Review Requests, task, P1)

Product:
Firefox Graveyard
Component:
Security: Review Requests
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: pauljt, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: testing)

Security Testing action requested from the security review of AArch64 windows.

  • Make sure the updater is correctly verifying signatures and enforcing the security rules we have on update metadata (matching product and channel, must not be a lower version, etc.). There may be in-tree tests for this for intel windows builds but they would need to be ported.

  • Audit the compiler/linker security features enabled (or disabled) to make sure we're not missing protective features we use in our regular releases.

  • Test/audit that all of our processes have the expected sandbox privilege level

Assignee: nobody → ptheriault
Priority: -- → P1

(In reply to Paul Theriault [:pauljt] from comment #0)

  • Audit the compiler/linker security features enabled (or disabled) to make
    sure we're not missing protective features we use in our regular releases.

Take note of bug 1526443, but it should get resolved at our next update of rust.

Type: enhancement → task

I collected my findings regarding the compiler/linker security features in this doc, what I did is reviewing the diffs between win64 and win-aarch64 files:
https://docs.google.com/document/d/1zn9ZpMi0oz04pvlBB09UFasuE063equoNZjPTXUF9zg/edit

Nothing is outstanding from my perspective, but I'm sharing the recap in case a particular setting happens to have an indirect implication on security I didn't see.

Flags: needinfo?(nfroyd)
Flags: needinfo?(dmajor)

(In reply to Stephanie Ouillon [:arroway] (needinfo me) from comment #2)

I collected my findings regarding the compiler/linker security features in this doc, what I did is reviewing the diffs between win64 and win-aarch64 files:
https://docs.google.com/document/d/1zn9ZpMi0oz04pvlBB09UFasuE063equoNZjPTXUF9zg/edit

Nothing is outstanding from my perspective, but I'm sharing the recap in case a particular setting happens to have an indirect implication on security I didn't see.

Added some explanatory comments in the doc. Thanks!

Flags: needinfo?(nfroyd)
Flags: needinfo?(dmajor)
Assignee: ptheriault → nobody

Closing outdated, unassigned review requests for a non-existent team.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.