Closed Bug 740429 Opened 10 years ago Closed 9 years ago

[Security Review][Action Item]GCLI - AMO prefs

Categories

(addons.mozilla.org Graveyard :: Add-on Validation, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: curtisk, Assigned: dveditz)

Details

Who :: Action :: by when
dveditz :: communicate turn-on prefs to AMO team so they can be flagged for review in add-ons that mess with it :: by beta
2nd item (one bug instead of 2 since they both involve AMO)
Who :: Action :: by when
dveditz :: communicate command-adding API to AMO team for add-on scanning :: by beta
My understanding of this bug is that it's about a pref for any commands that allow execution of arbitrary OS-level commands (i.e. bug 754315).
The command line itself (while currently preffed off with devtools.toolbar.enable) is designed to be preffed on by default.
Blocks: 754315
I think what we want is to inform Wil and the AMO team to add devtools.toolbar.enable to the list of preferences checked by the AMO validator. This adds some protection against an add-on hosted on AMO changing the setting.
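An added illustration of the check proposed in the comment above (not part of the bug thread and not AMO validator code): a small Python scan that flags add-on source lines writing to a watched preference, including writes made through a pref branch. The function names, sample files and regex coverage are assumptions; only the pref name comes from this bug.

```python
import re

# Watch list; only devtools.toolbar.enable is taken from this bug.
FLAGGED_PREFS = {"devtools.toolbar.enable"}

# pref("name", value) / user_pref("name", value) in default preference files.
DEFAULT_PREF_RE = re.compile(r'\b(?:user_)?pref\(\s*(["\'])(?P<name>[^"\']+)\1\s*,')
# .setBoolPref / .setIntPref / .setCharPref("name", value) in add-on code.
SET_PREF_RE = re.compile(r'\.set(?:Bool|Int|Char)Pref\(\s*(["\'])(?P<name>[^"\']+)\1\s*,')
# .getBranch("prefix.") so that branch-relative writes can be resolved.
BRANCH_RE = re.compile(r'\.getBranch\(\s*(["\'])(?P<prefix>[^"\']*)\1\s*\)')


def scan_source(path, text):
    """Return (path, line_no, pref) for each write to a flagged pref."""
    # Over-approximate: any branch prefix seen in the file may apply to any
    # set*Pref call in it. Acceptable for a "flag for human review" check.
    prefixes = {""} | {m.group("prefix") for m in BRANCH_RE.finditer(text)}
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        names = {m.group("name") for m in DEFAULT_PREF_RE.finditer(line)}
        for m in SET_PREF_RE.finditer(line):
            names |= {p + m.group("name") for p in prefixes}
        for name in sorted(names & FLAGGED_PREFS):
            findings.append((path, line_no, name))
    return findings


def scan_addon(files):
    """Scan a mapping of {path: source text} and collect all findings."""
    return [hit for path, text in files.items() for hit in scan_source(path, text)]


# Constructed sample add-on contents (not from any real add-on).
SAMPLE_FILES = {
    "defaults/preferences/prefs.js":
        'pref("extensions.sample.firstrun", true);\n'
        'pref("devtools.toolbar.enable", true);\n',
    "chrome/content/overlay.js":
        'var branch = Services.prefs.getBranch("devtools.toolbar.");\n'
        'branch.setBoolPref("enable", true);\n'
        'Services.prefs.setIntPref("extensions.sample.count", 3);\n',
    "chrome/content/reader.js":  # read-only access, should not be flagged
        'var on = Services.prefs.getBoolPref("devtools.toolbar.enable");\n',
}

if __name__ == "__main__":
    for path, line_no, pref in scan_addon(SAMPLE_FILES):
        print(f"{path}:{line_no}: writes flagged pref {pref}")
```

Pref names built at runtime by string concatenation are not caught by this kind of static match and still need manual review.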
Jorge is who you want to talk to. He'll help determine what we can flag and the wording/severity. Jorge, once you have this let me know what we need to change.
Can someone explain what devtools.toolbar.enable does? I don't understand it from the comments.
Assignee: dveditz → nobody
Component: Security Assurance → Add-on Validation
OS: Mac OS X → All
Product: mozilla.org → addons.mozilla.org
QA Contact: security-assurance → add-on-validation
Hardware: x86 → All
Version: other → unspecified
It just enables the new developer tools toolbar. I'm not aware of any security sensitive implications of having it turned on by a plugin though.
Assignee: nobody → dveditz
The developer toolbar does not currently have any prefs that we need to check for in the AMO validator. We should raise a new bug if we do add one, but for now, this bug doesn't track anything real.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Product: addons.mozilla.org → addons.mozilla.org Graveyard