945160 - Apps with deviceStorage permission could add fake certificates

Status: RESOLVED INCOMPLETE

(Firefox OS Graveyard :: Gaia::Settings, defect)

Description

[Paul Theriault [:pauljt] (no longer reading bugmail)]

Currently the code in 926334 introduces functionality to import certificates for the purposes of authenticating servers involved in WiFi access. The process is as follows:

1. the user copies a file with a specific extension _anywhere_ on the sdcard
2. the user navigates to the settings app -> wifi -> import certificates
3. the user is shown a list of all certificates on the sdcard (cer,crt, der,pem)

One side-effect of this, is that any app that has access to any device-storage permission (apps,crashes,pictures,music,videos,sdcard) can create a certificate for the user to import. 

I don't think this is a super high risk, but it also seems like the sort of thing that could lead to issues down the track. 

I think we should at least require that certificates live in a specific location of the sdcard (sdcard/certificates/) or possibly even create a new device-storage API just for certificates (seems a bit overkill)?

I also worry that future APIs and feature will allow writing data to the sdcard that may further interfere with this feature. "Downloads" for example? Or what about email attachments?

Comment 1

[Paul Theriault [:pauljt] (no longer reading bugmail)]

Of course, downloading and then installing a certificate is also probably a valid use case!

Comment 2

[iliu@mozilla.com, ianliu.moz@gmail.com]

Yes, I think it would be a small risk issue in the use case. In addition to the use case, It will cost a lot of time for scanning all SD card. If there are a lot of media files in SD card, that would be more waiting time for a user.

(In reply to Paul Theriault [:pauljt] from comment #0)
> I think we should at least require that certificates live in a specific
> location of the sdcard (sdcard/certificates/) or possibly even create a new
> device-storage API just for certificates (seems a bit overkill)?

I would like to vote the option to create a specific location of the sdcard/certificates. Maybe the folder name is sufficient guiding a user to put certificate file there.

Comment 3

[gasolin@mozilla.com]

ni eden to check if its been addressed

Comment 4

[Eden Chuang[:edenchuang]]

(In reply to Paul Theriault [:pauljt] from comment #0)
> Currently the code in 926334 introduces functionality to import certificates
> for the purposes of authenticating servers involved in WiFi access. The
> process is as follows:
> 
> 1. the user copies a file with a specific extension _anywhere_ on the sdcard
> 2. the user navigates to the settings app -> wifi -> import certificates
> 3. the user is shown a list of all certificates on the sdcard (cer,crt,
> der,pem)
> 
> One side-effect of this, is that any app that has access to any
> device-storage permission (apps,crashes,pictures,music,videos,sdcard) can
> create a certificate for the user to import. 

According to currently design, the answer is yes.

> I don't think this is a super high risk, but it also seems like the sort of
> thing that could lead to issues down the track. 
> 
> I think we should at least require that certificates live in a specific
> location of the sdcard (sdcard/certificates/) or possibly even create a new
> device-storage API just for certificates (seems a bit overkill)?

Specific location is a good idea. Just like picture and video, we probably need new permission device-storage-certificate are also created for certificate file accessing.
But even new location and new permission are created, apps has access on other permission probably still can write a certificate for user import. New location and permission might be just a guide for developers to use the permission properly.  

> I also worry that future APIs and feature will allow writing data to the
> sdcard that may further interfere with this feature. "Downloads" for
> example? Or what about email attachments?

Comment 5

[Ryan VanderMeulen [:RyanVM]]

FirefoxOS is no longer under active development.