WebAPI/Security/TCPSocket: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Name of API: Socket API
== Socket API ==
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=733573


Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients etc
Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients etc
General Use Cases: None
General Use Cases: None


Inherent threats:Malicious apps attacking internal systems (firewall bypass), local device access
Inherent threats: Malicious apps attacking internal systems (firewall bypass), local device access


Threat severity: High
Threat severity: High


== Regular web content (unauthenticated) ==
Reference
*Use  cases for unauthenticated code:None
*https://bugzilla.mozilla.org/show_bug.cgi?id=733573
*Authorization model for normal content:None
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Asm37KDoVB4/discussion
*Authorization model for installed content: None
 
*Potential mitigations:N/A
=== Permissions Table===


== Trusted (authenticated by publisher) ==
{| border="1" class="wikitable"
*Use cases for authenticated code: Talk to non-HTTP services.  SSH, FTP, mail clients, supporting custom protocols
! Type
*Use cases for trusted code: Implicit
! Use Cases
*Potential mitigations: Firewall should prohibit access to privileged low number OS ports (<1024). Listening on a port < 1024 should be prohibited.
! Authorization Model
*Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions? User prompted on first run?
! Notes & Other Controls
|-
| Web Content || None|| No access ||
|-
| Installed Web Apps || None || No access ||
|-
| Privileged Web Apps || Talk to non-HTTP services.  SSH, FTP, mail clients, supporting custom protocols || Implicit||
*Firewall should prohibit access to privileged low number OS ports (<1024).
*Listening on a port < 1024 should be prohibited.
*Specify hosts/ports in the manifest, permissions granted implicitly.
|-
| Certified Web Apps || Open a connection to any domain/port || Implicit || specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)
|}


== Certified (vouched for by trusted 3rd party) ==
[[Category:Web APIs]]
*Use cases for certified code:  Open a connection to any domain/port
[[Category:Security]]
*Authorization model: Implicit
*Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)

Latest revision as of 23:42, 1 October 2014

Socket API

Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients etc

General Use Cases: None

Inherent threats: Malicious apps attacking internal systems (firewall bypass), local device access

Threat severity: High

Reference

Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content None No access
Installed Web Apps None No access
Privileged Web Apps Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols Implicit
  • Firewall should prohibit access to privileged low number OS ports (<1024).
  • Listening on a port < 1024 should be prohibited.
  • Specify hosts/ports in the manifest, permissions granted implicitly.
Certified Web Apps Open a connection to any domain/port Implicit specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)