Closed
Bug 879665
Opened 12 years ago
Closed 9 years ago
Review debug actors in FirefoxOS
Categories
(mozilla.org :: Security Assurance, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: pauljt, Assigned: pauljt)
References
Details
(Whiteboard: u= c= p=5 s=ready)
When remote debugging is enabled, adb and the remote debugging service are available. ADB runs will a lower privileged user on production devices, but it does allow the user to use 'adb forward' to connect to the remote debugger. To limit the risk, FxOS uses only limited debug actors on gonk, to minimise the attack surface.
AFAIK, this means:
- no web console
- no debugger
- provides an interface to install apps
The point of this review is to establish, document and review exactly which debug actors are available on b2g, and exactly what functionality is exposed.
The key threat here is a user who has left adb enabled or left their device unlocked. EG if its possible to access the disk using remote debugger, could possibly steal stored network credentials.
Useful links to get started:
bug 828863
bug 799151
http://mxr.mozilla.org/mozilla-b2g18/source/b2g/chrome/content/shell.js#951
http://mxr.mozilla.org/mozilla-b2g18/source/toolkit/devtools/debugger/server/dbg-server.js#186
http://mxr.mozilla.org/mozilla-b2g18/source/b2g/chrome/content/dbg-webapps-actors.js#119
Comment 1•12 years ago
|
||
The profiler actor is also enabled and provides main process-only profiling AFAIK.
This review is only concerned with the current state of affairs that will presumably ship with FxOS 1.0.1 and 1.1, right? The forthcoming support for content process debugging (bug 797627) that will allow us to fully enable remote debugging in production devices is out of scope I presume?
Assignee | ||
Comment 2•12 years ago
|
||
Yes, I was mainly concerned with 1.0.1 and 1.1 but I wasn't aware of 797627. The context of this review was trying to understand the threat profile remote debugging presents (and will present in the future). With 797627 is it expected that you will be able to connect to any content process (and therefore access any sensitive data that app might have stored)? Not saying it should or shouldn't have this access, really I just want to get a complete an accurate understanding.
Comment 3•12 years ago
|
||
The plan as I remember it (I can't find the bug right now) was that after bug 797627 debugging will only target content processes on production devices, and every process on desktop builds. This way we would get both flexibility for Gaia developers and risk mitigation for webapp developers and everyday users.
Assignee | ||
Updated•11 years ago
|
Blocks: B2G-secreview
Assignee | ||
Updated•11 years ago
|
Whiteboard: u= c= p=5 s=ready
Assignee | ||
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•