Closed
Bug 945160
Opened 11 years ago
Closed 6 years ago
Apps with deviceStorage permission could add fake certificates
Categories
(Firefox OS Graveyard :: Gaia::Settings, defect)
Tracking
(tracking-b2g:backlog)
RESOLVED
INCOMPLETE
tracking-b2g | backlog |
People
(Reporter: pauljt, Unassigned)
References
Details
(Keywords: sec-low)
Currently the code in 926334 introduces functionality to import certificates for the purposes of authenticating servers involved in WiFi access. The process is as follows: 1. the user copies a file with a specific extension _anywhere_ on the sdcard 2. the user navigates to the settings app -> wifi -> import certificates 3. the user is shown a list of all certificates on the sdcard (cer,crt, der,pem) One side-effect of this, is that any app that has access to any device-storage permission (apps,crashes,pictures,music,videos,sdcard) can create a certificate for the user to import. I don't think this is a super high risk, but it also seems like the sort of thing that could lead to issues down the track. I think we should at least require that certificates live in a specific location of the sdcard (sdcard/certificates/) or possibly even create a new device-storage API just for certificates (seems a bit overkill)? I also worry that future APIs and feature will allow writing data to the sdcard that may further interfere with this feature. "Downloads" for example? Or what about email attachments?
Reporter | ||
Comment 1•11 years ago
|
||
Of course, downloading and then installing a certificate is also probably a valid use case!
Comment 2•11 years ago
|
||
Yes, I think it would be a small risk issue in the use case. In addition to the use case, It will cost a lot of time for scanning all SD card. If there are a lot of media files in SD card, that would be more waiting time for a user. (In reply to Paul Theriault [:pauljt] from comment #0) > I think we should at least require that certificates live in a specific > location of the sdcard (sdcard/certificates/) or possibly even create a new > device-storage API just for certificates (seems a bit overkill)? I would like to vote the option to create a specific location of the sdcard/certificates. Maybe the folder name is sufficient guiding a user to put certificate file there.
Reporter | ||
Updated•11 years ago
|
Comment 3•9 years ago
|
||
ni eden to check if its been addressed
tracking-b2g:
--- → backlog
Flags: needinfo?(echuang)
Comment 4•9 years ago
|
||
(In reply to Paul Theriault [:pauljt] from comment #0) > Currently the code in 926334 introduces functionality to import certificates > for the purposes of authenticating servers involved in WiFi access. The > process is as follows: > > 1. the user copies a file with a specific extension _anywhere_ on the sdcard > 2. the user navigates to the settings app -> wifi -> import certificates > 3. the user is shown a list of all certificates on the sdcard (cer,crt, > der,pem) > > One side-effect of this, is that any app that has access to any > device-storage permission (apps,crashes,pictures,music,videos,sdcard) can > create a certificate for the user to import. According to currently design, the answer is yes. > I don't think this is a super high risk, but it also seems like the sort of > thing that could lead to issues down the track. > > I think we should at least require that certificates live in a specific > location of the sdcard (sdcard/certificates/) or possibly even create a new > device-storage API just for certificates (seems a bit overkill)? Specific location is a good idea. Just like picture and video, we probably need new permission device-storage-certificate are also created for certificate file accessing. But even new location and new permission are created, apps has access on other permission probably still can write a certificate for user import. New location and permission might be just a guide for developers to use the permission properly. > I also worry that future APIs and feature will allow writing data to the > sdcard that may further interfere with this feature. "Downloads" for > example? Or what about email attachments?
Flags: needinfo?(echuang)
Comment 5•6 years ago
|
||
FirefoxOS is no longer under active development.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•