opsec review for rest-symbol-server webapp



7 years ago
3 years ago


(Reporter: ted, Assigned: jstevensen)




This webapp got a security review from mgoodwin in bug 754837. I'd like to get it deployed soon, but I had a question about the exact deployment configuration, wound up talking to Joe, and he asked me to file a bug so we could hash everything out.

You can read about the webapp in bug 754837. The main question here is: can we deploy this so that it has write access directly to the Breakpad/Socorro symbol store mount?

The symbol store lives on pio-netapp-a.v74.phx.mozilla.com:/vol/pio_symbols . Currently we upload symbols from our builds using SCP to symbolpush.mozilla.org, which has that volume mounted via NFS. We have separate user accounts per product that gets uploaded, and each product has a separate directory on the mount.

My plan would be to create a new user account for the webapp, and a separate directory for it to upload to.

Comment 1

6 years ago

Do you need anything from us on this bug? It looks like it just needs to be closed.
I believe you told me to file this originally. If you don't think there's anything to be done here then I'm happy to close it.
Last Resolved: 6 years ago
Resolution: --- → INCOMPLETE
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security
You need to log in before you can comment on or make changes to this bug.