Open Bug 968326 Opened 12 years ago Updated 2 years ago

Enable static rooting analysis on mobile

Categories

(Core :: JavaScript Engine, task)

Product:
Core
Component:
JavaScript Engine
Platform:
ARM
Android
Type:
task

Tracking

()

Status:
ASSIGNED

People

(Reporter: terrence, Assigned: sfink)

References

(Blocks 1 open bug)

Details

(Whiteboard: [leave open)

Attachments

(2 files)

Add a mobile hazard analysis build to the buildbot config
4.14 KB, patch
bhearsum
: review+
Details | Diff | Splinter Review
mobile browser static rooting analysis
6.22 KB, patch
Details | Diff | Splinter Review
Several mobile peers have told us that there is no mobile-specific code that interacts with JSAPI and Steve's manual run showed that we are totally clean in this build. Running these on every checkin would be a waste of resources. On the other hand, if any hazards do creep in, they would be invisible sec-crit bugs -- probably zero-day, given that the analysis is public. Not running the analysis would be grossly irresponsible. As a compromise, we'd like to run the hazard analysis on mobile nightly. Given that the analysis makes it extremely easy to track down the error, finding the regressing patch will still be trivial.
This only adds an optional try build, not a nightly.
Attachment #8370904 - Flags: review?(bhearsum)
Assignee: nobody → sphink
Status: NEW → ASSIGNED
Hm, looks like I'll need to rebase the mozharness changes past bug 961314 before I can post them.
(In reply to Steve Fink [:sfink] from comment #1) > Created attachment 8370904 [details] [diff] [review] > Add a mobile hazard analysis build to the buildbot config > > This only adds an optional try build, not a nightly. Terrence's comment suggests that we need to be running these regularly to reduce the risk that we get 0 day'ed. Is somebody going to be pushing these jobs to try regularly to fulfill this?
(In reply to Ben Hearsum [:bhearsum] from comment #3) > (In reply to Steve Fink [:sfink] from comment #1) > > Created attachment 8370904 [details] [diff] [review] > > Add a mobile hazard analysis build to the buildbot config > > > > This only adds an optional try build, not a nightly. > > Terrence's comment suggests that we need to be running these regularly to > reduce the risk that we get 0 day'ed. Is somebody going to be pushing these > jobs to try regularly to fulfill this? It's a cost/benefit tradeoff. These builds are defending against the possibility that mobile firefox devs will add some new JSAPI-using code with JS rooting problems. That would be very bad, and could result in a 0-day. On the other hand, mobile firefox devs have never yet added *any* JSAPI-using code that needs to deal with rooting at all, and apparently have no intention of doing so. All the code uses a higher level Gecko interface. So right now, this is guarding against a purely theoretical problem. The question is how many build resources are worth guarding against the theoretical problem. A nightly build feels about right to me. I don't trust us to dependably do manual try pushes regularly. But I've never added a new nightly, so I'd need to either figure out how or get that bhearsum guy to do it for me. (This is a mozharness-based build, btw.)
This bug will need multiple patches.
Whiteboard: [leave open
Comment on attachment 8370904 [details] [diff] [review] Add a mobile hazard analysis build to the buildbot config (In reply to Steve Fink [:sfink] from comment #4) > (In reply to Ben Hearsum [:bhearsum] from comment #3) > > (In reply to Steve Fink [:sfink] from comment #1) > > > Created attachment 8370904 [details] [diff] [review] > > > Add a mobile hazard analysis build to the buildbot config > > > > > > This only adds an optional try build, not a nightly. > > > > Terrence's comment suggests that we need to be running these regularly to > > reduce the risk that we get 0 day'ed. Is somebody going to be pushing these > > jobs to try regularly to fulfill this? > > It's a cost/benefit tradeoff. These builds are defending against the > possibility that mobile firefox devs will add some new JSAPI-using code with > JS rooting problems. That would be very bad, and could result in a 0-day. > > On the other hand, mobile firefox devs have never yet added *any* > JSAPI-using code that needs to deal with rooting at all, and apparently have > no intention of doing so. All the code uses a higher level Gecko interface. > So right now, this is guarding against a purely theoretical problem. The > question is how many build resources are worth guarding against the > theoretical problem. A nightly build feels about right to me. I don't trust > us to dependably do manual try pushes regularly. I think you're in a better place to make this call than me. This patch seems like a fine first step though. > But I've never added a new nightly, so I'd need to either figure out how or > get that bhearsum guy to do it for me. (This is a mozharness-based build, > btw.) If it's going to be nightly only, who is going to look at it? Nothing that is nightly only is allowed to be shown on TBPL by default. If we still want to do it, you'll be treading new ground here. We don't have nightly only things that are implemented as a platform like this.
Attachment #8370904 - Flags: review?(bhearsum) → review+
Old patch I have lying around for implementing the mozharness job. Haven't run it in ages. Might need some rebasing.
Blocks: GC.stability
No longer blocks: 834909
https://dxr.mozilla.org/mozilla-central/source/widget/android/NativeJSContainer.cpp We do have code using JSAPI in Android-only C++ code. We do need to ship the analysis there. How hard is it going to be to whip up a TC build for this?
Flags: needinfo?(sphink)
Severity: normal → S3
Flags: needinfo?(sphink)
Type: defect → task
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: