Consider removing android:debuggable="true" from AndroidManifest.xml, as otherwise private Firefox application data may be accessible without root access to all other applications. From bug 592772#c50: > I was considering the SharedPreferences again, and realized that the "run-as > org.mozilla.fennec" way to access private data should not actually work in > normal conditions! It does work for Fennec only because we have parameter > android:debuggable="true" in the AndroidManifest.xml. If an app is not > debuggable, its private data is not be accessible from the outside without > root. Flagging as a security issue since this puts us at risk of exposing private user data on non-rooted phones, if we shipped beta/final releases with this flag set.
cc alexp@ since he discovered this issue
Created attachment 534148 [details] [diff] [review] Patch Set debuggable attribute to false.
Assignee: nobody → alexp
Status: NEW → ASSIGNED
Attachment #534148 - Flags: review?(blassey.bugs)
Attachment #534148 - Flags: review?(blassey.bugs) → review+
stealing review. we should do this.
i would really like to see this fixed asap also, fwiw.
What release of Fennec is the r+ patch above scheduled to ship in?
the motivation behind wanting this fixed is stated in comment 50 of bug 592772 - " If an app is not debuggable, its private data is not be accessible from the outside without root. ". also there's a much MUCH lower risk threat of someone not expecting the browser to be debuggable and not taking the proper precautions with connecting to usb and opting in to usb debugging - i mention it for completeness' sake :)
tracking-fennec: --- → 6+
tracking-firefox5: ? → ---
tracking-firefox6: ? → ---
Comment on attachment 534148 [details] [diff] [review] Patch Fennec only
Attachment #534148 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Created attachment 539918 [details] [diff] [review] Patch Only updated commit message. Ready to be pushed. r=dougt, a=mfinkle
we should also perhaps consider documenting somewhere that fennec developers are going to want to manually turn this back on when actively developing fennec
Comment on attachment 539918 [details] [diff] [review] Patch please don't break all developers. This needs to at least be set to true for unofficial builds.
Attachment #539918 - Flags: review+ → review-
(In reply to comment #10) > please don't break all developers. This needs to at least be set to true for > unofficial builds. It's possible, but I think it's not really such a big deal. It is so easy to enable debugging locally, we should just add this info to the debugging instructions on the Wiki (which the developers have to read anyway as it's impossible to debug without knowing some of those important bits). It does require rebuilding (repackaging) though. What kind of scenario are you thinking about when this would cause a problem for developers? Do you mean some case when a binary installation is used and access to the files is needed?
Developers should be debugging all the time. Requiring them to make a code change in order to do it is overly onerous since it would have to be reverted before every update of your tree and reapplied after.
Then let's add something to the mozconfig. Developers can set it in theirs, but not in the other builds. I don't want branding to be used as the flag.
can we key off whether it's a debug build ? (i assume we're not shipping debug binaries via the android market, but it's an assumption :) ) ie. for a debug build (ac_add_options --enable-debug), debuggable will be true, for a build without this, it will be false we have a AndroidManifest.xml.in so i'm also assuming this is something configure can handle for us
Created attachment 540102 [details] [diff] [review] Patch v2 Keep debuggable flag for the unofficial build.
Attachment #540102 - Flags: review?(blassey.bugs) → review+
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Attachment #540102 - Flags: approval-mozilla-aurora?
Attachment #540102 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
status-firefox6: --- → fixed
Whiteboard: [sg:high (local)] → [sg:moderate (local)]
You need to log in before you can comment on or make changes to this bug.