canmove, Confirmed users
1,220
edits
Security/B2G/USB file-reading API: Difference between revisions
no edit summary
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 12: | Line 12: | ||
This feature allows to a b2g device plugged into a computer via a USB cable to be auto-mounted as a file system. Mounting happens automatically, and the entire contents of the sdcard partition are available. | This feature allows to a b2g device plugged into a computer via a USB cable to be auto-mounted as a file system. Mounting happens automatically, and the entire contents of the sdcard partition are available. | ||
Feature Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=737153 | *Feature Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=737153 | ||
Security Review Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=751048 | *Security Review Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=751048 | ||
Wiki: Not available. | *Wiki: Not available. | ||
===Open Questions=== | ===Open Questions=== | ||
| Line 20: | Line 20: | ||
If not, what damage could someone do by modifying files? | If not, what damage could someone do by modifying files? | ||
Is this enabled by default, or by enabling a setting? | Is this enabled by default, or by enabling a setting? | ||
===Architecture Diagram=== | |||
Not applicable as this scenario is limited to a b2g device communicating with a PC via USB. | |||
===Detailed Application Diagram=== | |||
Not applicable due to the simplistic nature of this scenario. | |||
===Data-flow Enumeration=== | |||
Data-flows depend on the actions taken by the user once the file system is mounted. | |||
===Threat Model=== | ===Threat Model=== | ||
{| | {| border="1" | ||
| ID||Title||Threat||Proposed Mitigations||Threat Agent||Rating||Likelihood||Notes||Impact||Notes | | ID||Title||Threat||Proposed Mitigations||Threat Agent||Rating||Likelihood||Notes||Impact||Notes | ||
|- | |- | ||
| Line 35: | Line 44: | ||
===Implementation Requirements=== | ===Implementation Requirements=== | ||
Prevent USB mounting when phone is locked. | #Prevent USB mounting when phone is locked. | ||
Enforce permissions to prevent access to read or modify sensitive files. | #Enforce permissions to prevent access to read or modify sensitive files. | ||
Provide a setting to enable/disable feature, consider disabling by default. | #Provide a setting to enable/disable feature, consider disabling by default. | ||
===Post-review follow-up=== | |||
# Gaia modifies a setting when the phone is locked to prevent UMS. See https://github.com/mozilla-b2g/gaia/pull/1467 for details. | |||
# UMS Mounts /sdcard only which is user data only (no system files) | |||
# Setting is provided under settings->storage, disabled by default | |||