Add "is Admin with UAC disabled" telemetry scalar
Categories
(Toolkit :: Telemetry, task, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox70 | --- | fixed |
People
(Reporter: aklotz, Assigned: toshi, Mentored)
References
(Blocks 1 open bug)
Details
Attachments
(2 files, 1 obsolete file)
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
1.96 KB,
text/plain
|
chutten
:
data-review+
|
Details |
It would be useful to know whether Firefox is running as Administrator with UAC disabled.
Because the launcher process affects the state of our own process's privileges, this check would need two steps:
- Is our process token a member of the Administrators group? AND
- Is UAC disabled in the registry? (NB: Checking our own token for high integrity won't work because the launcher process by default automagically drops our integrity level to medium)
|
||
Comment 1•4 months ago
|
||
Is this necessary to be included in the Environment? The Environment is submitted in almost every ping and is already quite large
|
Reporter | |
Comment 2•4 months ago
|
||
Well, the question that we would want to ask is, "What percentage of Windows users are running as Administrator with UAC disabled?"
If there is a better location for this that still allows us to answer that question, I'm all ears.
|
|
||
Comment 3•4 months ago
|
||
Assuming that "clients" is a useful substitute for "users" in this case, a bool Scalar would do the trick. Since it's a Scalar it'll automatically appear in main_summary so you'll be able to write
SELECT
COUNT(DISTINCT client_id) AS client_count
FROM main_summary
WHERE
scalar_parent_is_admin_with_uac_disabled -- or however it ends up named
AND os = 'Windows_NT'
AND os_version >= '10' -- I don't know if the APIs and capabilities are Win10+ or not
AND app_version >= '70' -- or whenever it lands
AND submission_date_s3 > DATE_FORMAT(CURRENT_DATE - INTERVAL '28' DAY, '%Y%m%d')
There's a bit of an implied time range to things when you do it this way, as a client will only report the Scalar in a single ping per Firefox session (efficient!) so if that single ping lies outside of your sample window (submission_date_s3 > DATE_FORMAT(CURRENT_DATE - INTERVAL '28' DAY, '%Y%m%d')) you'll undercount slightly.
Does that seem like it'd work?
|
|
Reporter | |
Updated•4 months ago
|
|
|
Reporter | |
Comment 4•4 months ago
|
||
SGTM.
|
Assignee | |
Updated•3 months ago
|
|
|
Assignee | |
Comment 5•3 months ago
|
||
Attaching a request form according to https://wiki.mozilla.org/Firefox/Data_Collection
|
|
Assignee | |
Comment 6•3 months ago
|
||
This patch adds a new Scalar metric sandbox.is_admin_without_uac that
indicates the process is lauched with Admin privileges when UAC is turned
off.
We use the elevation type of a process token to determine UAC is on or off
instead of reading the registry value EnableLUA. Basically a token is
either full or limited if UAC is on. If the account is built-in
Administrator, however, the token type is default though UAC is on. Thus
we check the account SID as well as the elevation type.
|
|
Reporter | |
Comment 7•3 months ago
|
||
Comment on attachment 9084399 [details] data-review-request-for-bug1567605.txt This looks reasonable to me. Just update it with the revised probe name once you've updated your patch.
|
||
Updated•3 months ago
|
|
|
Assignee | |
Updated•3 months ago
|
|
|
Assignee | |
Comment 8•3 months ago
|
||
|
|
Assignee | |
Updated•3 months ago
|
|
|
||
Comment 9•3 months ago
|
||
Comment on attachment 9086560 [details] data-review-request-for-bug1567605-v2.txt DATA COLLECTION REVIEW RESPONSE: Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate? Yes. This collection is Telemetry so is documented in its definitions file [Scalars.yaml](https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/Scalars.yaml) and the [Probe Dictionary](https://telemetry.mozilla.org/probe-dictionary/). Is there a control mechanism that allows the user to turn the data collection on and off? Yes. This collection is Telemetry so can be controlled through Firefox's Preferences. If the request is for permanent data collection, is there someone who will monitor the data over time? Yes, Toshihito Kikuchi is responsible. Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under? Category 1, Technical. Is the data collection request for default-on or default-off? Default on for all channels. Does the instrumentation include the addition of any new identifiers? No. Is the data collection covered by the existing Firefox privacy notice? Yes. Does there need to be a check-in in the future to determine whether to renew the data? No. This collection is permanent. --- Result: datareview+
|
||
Comment 10•3 months ago
|
||
Pushed by aklotz@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7cb87169e4cf Add a metric to collect how many users launch a process with Admin but without UAC. r=aklotz
|
||
Comment 11•3 months ago
|
||
Backed out changeset 7cb87169e4cf (bug 1567219) for xpcshell failures in marAppApplyUpdateAppBinInUseStageSuccessSvc_win.js.
Backout: https://hg.mozilla.org/integration/autoland/rev/2354e2d4dcda834a4b6131565f32262f7463a503
Push that started the failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=pending%2Crunning%2Csuccess%2Ctestfailed%2Cbusted%2Cexception&revision=7cb87169e4cf83b1485f26e10f1b883fca3460da&selectedJob=263785751
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=263785751&repo=autoland&lineNumber=5579
|
|
Reporter | |
Comment 12•3 months ago
|
||
That isn't actually caused by this bug. The failures are due to bug 1577061. I'll add it as a dependency.
|
|
||
Comment 13•3 months ago
|
||
Pushed by aklotz@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/465c39971338 Add a metric to collect how many users launch a process with Admin but without UAC. r=aklotz
|
||
Comment 14•3 months ago
|
||
| bugherder | ||
Description
•