Should preferences be read from default branch only?

RESOLVED FIXED in Firefox 68

Status

()

enhancement
RESOLVED FIXED
4 months ago
3 months ago

People

(Reporter: leplatrem, Assigned: leplatrem)

Tracking

other
Firefox 68
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

Attachments

(1 attachment)

We should check if we have some preferences that are not meant to be changed by users, by web extensions, or during runtime.

Those could be read from default branch only.

For example, services.settings.poll_interval is set to 24H. We can imagine using Normandy to change it and increase the frequency. But we never did, and having this value as a pref opens the possibility for an attacker to change the value and disable updates.

https://searchfox.org/mozilla-central/rev/e7d9a8749303b39dadcc0e18ea0d60a570a68145/services/settings/servicesSettings.manifest#5

Type: defect → enhancement

Apparently, there is a way to set min/max values for timer intervals: https://bugzilla.mozilla.org/show_bug.cgi?id=1315505

We could set min/max to 1H / 72H or anything that's not more than a week.

As for preferences, the only 2 that we never change at run-time are:

  • services.settings.changes.path
  • services.settings.default_signer

And they could both become constants.

All other prefs are used to store state between sessions (last Etag etc.) or by the Remote Settings Dev Tools to switch environments (eg. Server)

Assignee: nobody → mathieu
Assignee: mathieu → nobody
Assignee: nobody → mathieu
Pushed by mleplatre@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8553fd10ee89
Add guardrails for Remote Settings preferences r=glasserc
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68
You need to log in before you can comment on or make changes to this bug.