Closed Bug 1550544 Opened 5 years ago Closed 5 years ago

Untrusted modules telemetry should mark any binary with non-trusted certs as untrusted

Categories

(External Software Affecting Firefox :: Telemetry, defect, P1)

Product:
External Software Affecting Firefox
Component:
Telemetry
Platform:
Unspecified
Windows
Type:
defect

Tracking

(firefox68 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox68 --- fixed

People

(Reporter: bugzilla, Assigned: bugzilla)

References

(Blocks 1 open bug)

Details

(Whiteboard: inj+)

Attachments

(1 file)

Bug 1550544: Clean up untrusted module evaluator; r=agashlin!
47 bytes, text/x-phabricator-request
Details | Review

If a binary has signature, but it is neither signed by Microsoft nor by us, that should automatically disqualify the binary as being trusted.

Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Priority: P3 → P1

This patch takes care of two things:

  1. It changes the module evaluator such that, if a binary is signed but the
    cert is neither Microsoft's nor ours, the binary is automatically
    disqualified.

  2. General cleanup. Use nsIFile::Contains instead of StringBeginsWith for
    checking path containment. Better OO.

Pushed by aklotz@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/50170a11ab58
Clean up untrusted module evaluator; r=agashlin

https://hg.mozilla.org/mozilla-central/rev/50170a11ab58

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: