Closed Bug 1550544 Opened 7 months ago Closed 7 months ago

Untrusted modules telemetry should mark any binary with non-trusted certs as untrusted

Categories

(External Software Affecting Firefox :: Telemetry, defect, P1)

Unspecified
Windows
defect

Tracking

(firefox68 fixed)

RESOLVED FIXED
Tracking Status
firefox68 --- fixed

People

(Reporter: aklotz, Assigned: aklotz)

References

(Blocks 1 open bug)

Details

(Whiteboard: inj+)

Attachments

(1 file)

If a binary has signature, but it is neither signed by Microsoft nor by us, that should automatically disqualify the binary as being trusted.

Assignee: nobody → aklotz
Status: NEW → ASSIGNED
Priority: P3 → P1

This patch takes care of two things:

  1. It changes the module evaluator such that, if a binary is signed but the
    cert is neither Microsoft's nor ours, the binary is automatically
    disqualified.

  2. General cleanup. Use nsIFile::Contains instead of StringBeginsWith for
    checking path containment. Better OO.

Pushed by aklotz@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/50170a11ab58
Clean up untrusted module evaluator; r=agashlin
Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.