Closed Bug 1573275 Opened 2 years ago Closed 2 years ago

Add %SystemRoot% to whitelisted paths for PreparePathForTelemetry

Categories

(Core :: Widget: Win32, task)

Unspecified
Windows
task
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla70
Tracking Status
firefox70 --- fixed

People

(Reporter: aklotz, Assigned: aklotz)

References

Details

Attachments

(2 files)

This is another directory that we may consider "safe," and since many DLLs are loaded from there, we should allow paths beginning with %SystemRoot%.

Until now, WinUtils::PreparePathForTelemetry did not whitelist paths
originating from the Windows system directory. This is unfortunate, as those
paths are not going to contain any PII yet may be useful for troubleshooting.

By adding %SystemRoot% to the whitelist, such paths will be included after
substituting the real system directory with the name of the environment
variable.

I also took this opportunity to do some cleanup in the way the array of
whitelist entries is managed.

Attached file Revised data review

Since this adds an additional whitelisted path to untrusted modules telemetry, I am submitting the untrusted modules data review request, augmented to reflect the changes in this patch.

Attachment #9087142 - Flags: data-review?(chutten)
Comment on attachment 9087142 [details]
Revised data review

DATA COLLECTION REVIEW RESPONSE:

    Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate?

Yes. This collection is documented in [the in-tree documentation](https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/data/untrusted-modules-ping.html).

    Is there a control mechanism that allows the user to turn the data collection on and off?

Yes. This collection is Telemetry so can be controlled through Firefox's Preferences.

    If the request is for permanent data collection, is there someone who will monitor the data over time?

Yes, aklotz and tkikuchi are responsible.

    Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 1, Technical.

    Is the data collection request for default-on or default-off?

Default on for pre-release channels only.

    Does the instrumentation include the addition of any new identifiers?

No.

    Is the data collection covered by the existing Firefox privacy notice?

Yes.

    Does there need to be a check-in in the future to determine whether to renew the data?

No. This collection is permanent.

---
Result: datareview+
Attachment #9087142 - Flags: data-review?(chutten) → data-review+
Attachment #9087133 - Attachment description: Bug 1573275: Add SystemRoot to whitelisted paths for WinUtils::PreparePathForTelemetry; r=mhowell! → Bug 1573275: Add SystemRoot to whitelisted paths for WinUtils::PreparePathForTelemetry; r=mhowell!, chutten!
Attachment #9087133 - Attachment description: Bug 1573275: Add SystemRoot to whitelisted paths for WinUtils::PreparePathForTelemetry; r=mhowell!, chutten! → Bug 1573275: Add SystemRoot to whitelisted paths for WinUtils::PreparePathForTelemetry; r=mhowell!,chutten!
Pushed by aklotz@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5620905b3997
Add SystemRoot to whitelisted paths for WinUtils::PreparePathForTelemetry; r=mhowell,chutten
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
You need to log in before you can comment on or make changes to this bug.