Closed Bug 1573172 Opened 6 years ago Closed 6 years ago

Show visible warning when SSLKEYLOGFILE is in use

Categories

(Core :: Security: PSM, enhancement)



RESOLVED DUPLICATE of bug 1188660

People

(Reporter: dveditz, Unassigned)


The SSLKEYLOGFILE environment variable triggers logging of cryptographic key material into the specified log file. This is designed as a debugging tool for the knowing use of a developer-user, but it's been observed in the wild enabled by other programs for their own use without the user's knowledge that their security may be weakened or compromised. The most common case seems to be anti-virus programs that use it to perform inspection of encrypted communication without having to set up an explicit MITM CA. This could be a legitimate use, if a user is aware of it, wants it, and the anti-virus takes care that other processes can't access the log file. Do those conditions hold?

We have discussed in the past letting users know when a local root CA is being used, and in fact have recently put a warning in the site information box. SSLKEYLOGFILE is a similar capability and should get at least the same level of warning. Chrome has recently started warning about it in their Canary builds in an even more prominent way: https://twitter.com/ericlaw/status/1159848001415913474 (it remains to be seen if that warning survives to release -- given the popularity of anti-virus this may freak out a lot of users)

Since this is originally intended as a debugging tool, another example we could follow is the colored URL bar and Robot-head icon shown when the remote-control Marionette testing tool is in use. Not sure the Robot-head is appropriate for this use, but if we picked a different one we'd have to figure out what to do if Marionette and SSLKEYLOGFILE were in use at the same time, so maybe that's not so great. There's always an infobar such as Chrome used (I don't know about their instability claim, but it's definitely a potential security risk).

[Not sure "Security: PSM" is the right component since this would be a UI change, but seems like the PSM/crypto team is the right place to start.]
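
Added example (not part of the bug report and not Firefox or NSS code): a Python check for the two conditions the report asks about, whether SSLKEYLOGFILE is set and whether other local accounts can reach the log file. It assumes POSIX permission bits (Windows ACLs are not examined) and the NSS key log line layout `<label> <client random hex> <secret hex>`; the function name and report keys are hypothetical.

```python
import os
import stat
import tempfile

def audit_sslkeylogfile(env):
    """Report whether SSLKEYLOGFILE is set in `env` and who else can reach the log.

    Hypothetical helper: `env` is any mapping, e.g. os.environ.
    """
    path = env.get("SSLKEYLOGFILE")
    report = {"enabled": bool(path), "path": path, "exists": False,
              "others_can_read": False, "dir_writable_by_others": False,
              "labels": {}}
    if not path:
        return report
    parent = os.path.dirname(os.path.abspath(path))
    try:
        # A directory writable by group/others lets another account create files next to the log.
        dmode = os.stat(parent).st_mode
        report["dir_writable_by_others"] = bool(dmode & (stat.S_IWGRP | stat.S_IWOTH))
    except OSError:
        pass
    try:
        st = os.stat(path)
    except OSError:
        return report  # variable is set but there is no file at that path yet
    report["exists"] = True
    # Any read bit for group or others exposes the session secrets to other accounts.
    report["others_can_read"] = bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH))
    # Count entries per label without keeping or printing the secrets themselves.
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            parts = line.split()
            if len(parts) == 3 and not line.startswith("#"):
                report["labels"][parts[0]] = report["labels"].get(parts[0], 0) + 1
    return report

if __name__ == "__main__":
    # Constructed sample log (dummy values) in a private temporary directory.
    demo_path = os.path.join(tempfile.mkdtemp(), "keys.log")
    with open(demo_path, "w") as fh:
        fh.write("CLIENT_RANDOM " + "00" * 32 + " " + "11" * 48 + "\n")
    os.chmod(demo_path, 0o644)  # deliberately readable by others for the demo
    print(audit_sslkeylogfile({"SSLKEYLOGFILE": demo_path}))
    print(audit_sslkeylogfile(os.environ))  # the real environment of this process
```
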

See Also: → 1573607

Duplicate of bug 1188660 ?

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE