Security/Reviews/BackGroundUpdates: Difference between revisions

Item Reviewed

{{#set:SecReview name=Silent Updates-Background Updates |SecReview target=* https://bugzilla.mozilla.org/show_bug.cgi?id=307181` ** focus on risk as it stands with the windows service for background updates * https://wiki.mozilla.org/Windows_Service_Silent_Update }}

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

• uses a second copied dir
  • updates done here, on next start the existing dir is replaced with the updated one
• interactions with the service via updater.exe
  • checks for write access to target dir, if fails launches via service to get rights to install dir
    • same as the old process only we prompted previously

What solutions/approaches were considered other than the proposed solution?

`

Why was this solution chosen?

`

Any security threats already considered in the design and why?

`

Threat Brainstorming

• what if they can access program files, but not service dir
  • service updates are after regular update
  • is update fails then service update does not occur
  • is user does not have rights to install service it will fail
    • not a sec concern, but should be looked at
• if service has the bug but user cannot update
  • can push out an update to always update to address
  • this is done in the post update operations
• is the work item used here
  • the work item is gone, as the service is on demand and not always running
  • any user can start the service
    • there are several checks to combat improper use of the service (see the wiki)

{{#set: SecReview feature goal=* uses a second copied dir

• • updates done here, on next start the existing dir is replaced with the updated one
• interactions with the service via updater.exe
  • checks for write access to target dir, if fails launches via service to get rights to install dir
    • same as the old process only we prompted previously

|SecReview alt solutions=' |SecReview solution chosen=' |SecReview threats considered=' |SecReview threat brainstorming=* what if they can access program files, but not service dir

• • service updates are after regular update
  • is update fails then service update does not occur
  • is user does not have rights to install service it will fail
    • not a sec concern, but should be looked at
• if service has the bug but user cannot update
  • can push out an update to always update to address
  • this is done in the post update operations
• is the work item used here
  • the work item is gone, as the service is on demand and not always running
  • any user can start the service
    • there are several checks to combat improper use of the service (see the wiki)

}}

Action Items

{{#set:|SecReview action item status=Complete

|Feature version=Firefox 12

|SecReview action items=

}}