Closed
Bug 814286
Opened 12 years ago
Closed 7 years ago
Need additional security checks for the "background-sensors" permission
Categories
(Core :: DOM: Device Interfaces, defect, P1)
People
(Reporter: bent.mozilla, Unassigned)
It looks like the "background-sensors" permission is only checked in the child process, so a hacked child process could continue to receive sensor notifications.
Comment 1•12 years ago
As we discussed at triage this morning, this sort of permission bug needs to be fixed for basecamp.
blocking-basecamp: ? → +
Comment 2•12 years ago
Gregor, Doug said you should be the lucky owner of this bug. Congrats! :)
Assignee: nobody → anygregor
Comment 3•12 years ago
Setting priority based on triage discussions. Feel free to decrease priority if you disagree.
Priority: -- → P1
Comment 5•12 years ago
(In reply to Gregor Wagner [:gwagner] from comment #4)
> Steven can you take this?

OK, I will take it.
Assignee: anygregor → slee
Comment 6•12 years ago
Hi Doug,

If we check the permission in the parent process, it does not know whether the specific window of the child process is in the background or not. How should it decide whether to pass the sensor or not? Could you give some suggestions? Thanks.
Comment 7•12 years ago
I am not sure, exactly. I would guess that the ContentParent has to know if the child is in the foreground or not. If not, then that is the first thing that needs to be built. Once we have that, we can just prevent PHal sensor notifications.

However, I am not sure that this should be blocking at all. Basically, the only way this is important is *if* a child process is hacked. And if it is hacked and we don't fix this bug, the worst thing that the hacked application can do is listen to sensor changes in the background. However, *if* the application is hacked, then this is probably the last interesting thing they could do.

Ben, thoughts?

Moving this back to nom.
blocking-basecamp: + → ?
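A simplified model of the parent-side gate described in comment 7, added here as an illustration and not Gecko code. The class and method names are hypothetical, and it assumes the parent learns foreground state from its own window management rather than from anything the child reports.

```cpp
// Added illustration: a simplified model, not Gecko code. All names are hypothetical.
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <utility>

using ChildId = uint64_t;

// All state lives in the parent (trusted) process. A compromised child can
// skip its own permission check, but it cannot modify anything held here.
class ParentSensorBroker {
public:
    // Permissions are recorded by the parent when it launches the child.
    void RegisterChild(ChildId id, std::set<std::string> perms) {
        mChildren[id] = ChildState{std::move(perms), false};
    }

    // Assumption: called only by the parent's own window management,
    // never in response to an IPC message from the child.
    void SetForeground(ChildId id, bool foreground) {
        auto it = mChildren.find(id);
        if (it != mChildren.end()) it->second.foreground = foreground;
    }

    // Evaluated in the parent before each sensor notification is sent.
    bool ShouldDeliverSensorEvent(ChildId id) const {
        auto it = mChildren.find(id);
        if (it == mChildren.end()) return false;  // unknown child: fail closed
        const ChildState& c = it->second;
        return c.foreground || c.perms.count("background-sensors") > 0;
    }

private:
    struct ChildState {
        std::set<std::string> perms;
        bool foreground;
    };
    std::map<ChildId, ChildState> mChildren;
};
```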
Comment 8•12 years ago (Reporter)
(In reply to Doug Turner (:dougt) from comment #7)
> Ben, thoughts?

I don't really have an opinion. Though, if we don't really care, do we need the permission at all? I think we should fix this but it doesn't sound block-worthy.
Updated•12 years ago
blocking-basecamp: ? → -
tracking-b2g18: --- → +
Updated•10 years ago
feature-b2g: --- → 2.0
Updated•10 years ago
feature-b2g: 2.0 → ---
Comment 9•10 years ago
I am not working on this bug. If someone is interested, please take it. :)
Assignee: slee → nobody
Comment 10•7 years ago
FxOS no longer in tree. Marking old FxOS Device Interfaces bugs as INCOMPLETE.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE