Security/Mentorships/MWoS/2014/B2G-IPC-Audit: Difference between revisions

 
(27 intermediate revisions by the same user not shown)
'''Firefox Sandbox Audit'''
=== Description ===
FirefoxOS uses a defensive programming technique called '[[Security/Sandbox|sandboxing]]' to help limit the control of an attacker who has already compromised (or installed) an application running on the system. This is implemented by separating different system tasks into multiple processes. Each process possesses the [http://en.wikipedia.org/wiki/Principle_of_least_privilege least amount of privileges] it needs to complete its required task. For example, a process responsible for rendering webpages must process a large amount of attacker-controlled input from the network. If a bug is found in the webpage rendering code there is a strong chance it can be exploited by the attacker to gain remote code execution. Therefore the renderer process is only given permission to read and write data relevant to the webpage, such as its own DOM. However, a low-privileged 'sandboxed' process may require a resource or action to which it is not initially given access. In many cases the required action can still be triggered by the sandboxed process, but it must ask a process with the appropriate privilege level to complete the task on its behalf, through mechanisms such as inter-process communication (IPC). The privileged process can verify that the request message is well formed and non-malicious before executing it.
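The broker-side check described above, as an added example that is not code from the B2G project or from this page: the privileged process treats every byte of a child's request as untrusted, validates the message structure first, and then decides from its own record of who the sender is whether the operation is allowed. The wire layout (op byte, 16-bit length, path), the per-process policy table and the sandbox root directory are all assumptions made for the example.

```python
import os
import struct

# Constructed policy (assumption): which operations each kind of sandboxed
# child may ask the privileged broker to perform on its behalf.
POLICY = {"renderer": {"read"}, "downloader": {"read", "write"}}
SANDBOX_ROOT = "/data/sandbox"   # assumption: the only tree the broker touches
OPS = {0: "read", 1: "write"}    # assumed wire encoding of the op byte
MAX_PATH = 4096

def parse_request(raw: bytes):
    """Decode one request: u8 op | u16 big-endian length | path bytes.
    Every byte came from a possibly compromised process, so each field is
    bounds-checked before it is used. Raises ValueError with the reason."""
    if len(raw) < 3:
        raise ValueError("truncated header")
    op, plen = struct.unpack(">BH", raw[:3])
    if plen == 0 or plen > MAX_PATH or len(raw) != 3 + plen:
        raise ValueError("bad length field")
    if op not in OPS:
        raise ValueError("unknown op")
    try:
        path = raw[3:].decode("utf-8")
    except UnicodeDecodeError:
        raise ValueError("path is not valid UTF-8")
    if "\x00" in path:
        raise ValueError("embedded NUL in path")
    return OPS[op], path

def authorize(sender: str, op: str, path: str) -> str:
    """Decide from the broker's own record of who the sender is, never from
    anything the message claims; return the canonical path on success."""
    if op not in POLICY.get(sender, set()):
        raise ValueError(f"{sender} may not {op}")
    full = os.path.normpath(os.path.join(SANDBOX_ROOT, path))
    # An absolute path or '..' traversal resolves outside the root: refuse it.
    if os.path.commonpath([SANDBOX_ROOT, full]) != SANDBOX_ROOT:
        raise ValueError("path escapes sandbox root")
    return full

def broker_handle(sender: str, raw: bytes):
    """Privileged-side entry point: (True, 'op path') or (False, reason)."""
    try:
        op, path = parse_request(raw)
        return True, f"{op} {authorize(sender, op, path)}"
    except ValueError as why:
        return False, str(why)
```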


=== Scope ===
This audit is concerned with software bugs in the FirefoxOS code that allow an attacker to compromise a privileged process and escape from the sandbox. <br />
Specifically we are concerned with those triggerable in the IPC mechanisms between a child app and the master 'b2g' process; however, I'm sure we'll find some extras along the way :)


== Firefox OS Sandbox Review ==

=== NFC API ===
https://developer.mozilla.org/en-US/docs/Web/API/NFC_API
* '''<big>Design Bugs</big>'''<br />
* '''<big>Implementation Bugs</big>'''
  https://bugzilla.mozilla.org/show_bug.cgi?id=1066570