Security/Reviews/BackGroundUpdates
Item Reviewed
Silent Updates-Background Updates
Target
- https://bugzilla.mozilla.org/show_bug.cgi?id=307181
  - focus on risk as it stands with the Windows service for background updates
- https://wiki.mozilla.org/Windows_Service_Silent_Update
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- uses a second copied dir
- updates done here, on next start the existing dir is replaced with the updated one
- interactions with the service via updater.exe
- checks for write access to the target dir; if the check fails, launches via the service to get rights to the install dir
- same as the old process only we prompted previously
What solutions/approaches were considered other than the proposed solution?
Why was this solution chosen?
Any security threats already considered in the design and why?
Threat Brainstorming
- what if they can access program files, but not service dir
- service updates are after regular update
- if the update fails then the service update does not occur
- if the user does not have rights to install the service it will fail
- not a sec concern, but should be looked at
- if service has the bug but user cannot update
- can push out an update to always update, to address this
- this is done in the post update operations
- is the work item used here?
- the work item is gone, as the service is on demand and not always running
- any user can start the service
- there are several checks to combat improper use of the service (see the wiki)
Action Items
Action Item Status | Complete
Release Target | Firefox 12
Action Items
Who | What | By When | Completed Y/N
imelven | review wiki page | 13-Jan-2012 | y