Closed
Bug 658691
Opened 13 years ago
Closed 13 years ago
remove android:debuggable="true" from AndroidManifest.xml
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox6 fixed, status1.9.2 unaffected, status1.9.1 unaffected, fennec6+)
RESOLVED
FIXED
Firefox 7
Tracking | Status | |
---|---|---|
firefox6 | --- | fixed |
status1.9.2 | --- | unaffected |
status1.9.1 | --- | unaffected |
fennec | 6+ | --- |
People
(Reporter: Atoll, Assigned: alexp)
References
Details
(Whiteboard: [sg:moderate (local)])
Attachments
(1 file, 2 obsolete files)
2.08 KB,
patch
|
blassey
:
review+
johnath
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Consider removing android:debuggable="true" from AndroidManifest.xml, as otherwise private Firefox application data may be accessible without root access to all other applications. From bug 592772#c50: > I was considering the SharedPreferences again, and realized that the "run-as > org.mozilla.fennec" way to access private data should not actually work in > normal conditions! It does work for Fennec only because we have parameter > android:debuggable="true" in the AndroidManifest.xml. If an app is not > debuggable, its private data is not be accessible from the outside without > root. Flagging as a security issue since this puts us at risk of exposing private user data on non-rooted phones, if we shipped beta/final releases with this flag set.
Assignee | ||
Comment 2•13 years ago
|
||
Set debuggable attribute to false.
Updated•13 years ago
|
Whiteboard: [sg:high (local)]
Updated•13 years ago
|
Attachment #534148 -
Flags: review?(blassey.bugs) → review+
Comment 3•13 years ago
|
||
stealing review. we should do this.
Comment 4•13 years ago
|
||
i would really like to see this fixed asap also, fwiw.
What release of Fennec is the r+ patch above scheduled to ship in?
Comment 6•13 years ago
|
||
the motivation behind wanting this fixed is stated in comment 50 of bug 592772 - " If an app is not debuggable, its private data is not be accessible from the outside without root. ". also there's a much MUCH lower risk threat of someone not expecting the browser to be debuggable and not taking the proper precautions with connecting to usb and opting in to usb debugging - i mention it for completeness' sake :)
Updated•13 years ago
|
tracking-firefox5:
--- → ?
tracking-firefox6:
--- → ?
Updated•13 years ago
|
Assignee | ||
Updated•13 years ago
|
Keywords: checkin-needed
Updated•13 years ago
|
Attachment #534148 -
Flags: approval-mozilla-aurora?
Comment 7•13 years ago
|
||
Comment on attachment 534148 [details] [diff] [review] Patch Fennec only
Attachment #534148 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 8•13 years ago
|
||
Only updated commit message. Ready to be pushed. r=dougt, a=mfinkle
Attachment #534148 -
Attachment is obsolete: true
Attachment #539918 -
Flags: review+
Comment 9•13 years ago
|
||
we should also perhaps consider documenting somewhere that fennec developers are going to want to manually turn this back on when actively developing fennec
Comment 10•13 years ago
|
||
Comment on attachment 539918 [details] [diff] [review] Patch please don't break all developers. This needs to at least be set to true for unofficial builds.
Attachment #539918 -
Flags: review+ → review-
Assignee | ||
Comment 11•13 years ago
|
||
(In reply to comment #10) > please don't break all developers. This needs to at least be set to true for > unofficial builds. It's possible, but I think it's not really such a big deal. It is so easy to enable debugging locally, we should just add this info to the debugging instructions on the Wiki (which the developers have to read anyway as it's impossible to debug without knowing some of those important bits). It does require rebuilding (repackaging) though. What kind of scenario are you thinking about when this would cause a problem for developers? Do you mean some case when a binary installation is used and access to the files is needed?
Keywords: checkin-needed
Comment 12•13 years ago
|
||
Developers should be debugging all the time. Requiring them to make a code change in order to do it is overly onerous since it would have to be reverted before every update of your tree and reapplied after.
Comment 13•13 years ago
|
||
makes sense.
Comment 14•13 years ago
|
||
Then let's add something to the mozconfig. Developers can set it in theirs, but not in the other builds. I don't want branding to be used as the flag.
Comment 15•13 years ago
|
||
can we key off whether it's a debug build ? (i assume we're not shipping debug binaries via the android market, but it's an assumption :) ) ie. for a debug build (ac_add_options --enable-debug), debuggable will be true, for a build without this, it will be false we have a AndroidManifest.xml.in so i'm also assuming this is something configure can handle for us
Assignee | ||
Comment 16•13 years ago
|
||
Keep debuggable flag for the unofficial build.
Attachment #539918 -
Attachment is obsolete: true
Attachment #540102 -
Flags: review?(blassey.bugs)
Updated•13 years ago
|
Attachment #540102 -
Flags: review?(blassey.bugs) → review+
Assignee | ||
Updated•13 years ago
|
Keywords: checkin-needed
Updated•13 years ago
|
Keywords: checkin-needed
Target Milestone: --- → Firefox 7
Comment 17•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/05a1cae42a22
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•13 years ago
|
Attachment #540102 -
Flags: approval-mozilla-aurora?
Updated•13 years ago
|
Attachment #540102 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 18•13 years ago
|
||
http://hg.mozilla.org/releases/mozilla-aurora/rev/f98d15cfa9a5
status-firefox6:
--- → fixed
status1.9.1:
--- → unaffected
status1.9.2:
--- → unaffected
Updated•13 years ago
|
Whiteboard: [sg:high (local)] → [sg:moderate (local)]
Updated•13 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•