WebAPI/Security/TCPSocket: Difference between revisions
Jump to navigation
Jump to search
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) No edit summary |
||
| Line 16: | Line 16: | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use cases for authenticated code: Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols | *Use cases for authenticated code: Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols | ||
Use cases for trusted code: Implicit | *Use cases for trusted code: Implicit | ||
Potential mitigations: Firewall should prohibit access to privileged low number OS ports (<1024). Listening on a port < 1024 should be prohibited. | *Potential mitigations: Firewall should prohibit access to privileged low number OS ports (<1024). Listening on a port < 1024 should be prohibited. | ||
Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions? User prompted on first run? | *Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions? User prompted on first run? | ||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Use cases for certified code: Open a connection to any domain/port | *Use cases for certified code: Open a connection to any domain/port | ||
Authorization model: Implicit | *Authorization model: Implicit | ||
Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode) | *Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode) | ||
Revision as of 03:51, 19 June 2012
Name of API: Socket API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=733573
Brief purpose of API: Grant full access to raw sockets to allow applications such as SMTP clients etc General Use Cases: None
Inherent threats:Malicious apps attacking internal systems (firewall bypass), local device access
Threat severity: High
Regular web content (unauthenticated)
- Use cases for unauthenticated code:None
- Authorization model for normal content:None
- Authorization model for installed content:
- Potential mitigations:N/A
Trusted (authenticated by publisher)
- Use cases for authenticated code: Talk to non-HTTP services. SSH, FTP, mail clients, supporting custom protocols
- Use cases for trusted code: Implicit
- Potential mitigations: Firewall should prohibit access to privileged low number OS ports (<1024). Listening on a port < 1024 should be prohibited.
- Specify hosts/ports in the manifest, permissions granted implicitly. user can modify permissions? User prompted on first run?
Certified (vouched for by trusted 3rd party)
- Use cases for certified code: Open a connection to any domain/port
- Authorization model: Implicit
- Potential mitigations: specify hosts/ports in the manifest, permissions granted implicitly and not able to be revoked (unless device is in developer mode)