mozilla :: #security

19 Apr 2017
00:03 <keeler> aja: please file a bug:
00:03 <aja> erm2, sheesh: "pin-sha256='asdf..pin1=';pin-sha256='asdf..pin2=';"
00:06 <keeler> aja: although perhaps the issue is the use of ' instead of " in the pin directives?
00:07 <aja> nope... 'twas the 0 spaces between parms
00:07 <keeler> aja: in that case please file a bug
00:08 <aja> iirc that's what spec calls for, "1 or more", fwiw
00:08 <aja> will file
00:23 * aja filed bug 1357603
00:23 <firebot> UNCONFIRMED, Be more lenient in parsing of HPKP header
00:23 <aja> keeler: ^
00:34 <aja> don't think I have canconfirm powers anymore since changing email; if someone could confirm, please?
01:16 <huzaifas> abillings: no advisories yet?
19:54 <Gankro> heyo, I'm working on some IPC code, and I'd like to understand what I should be looking out for security-wise. Where should I start?
19:56 <Gankro> Specific case I'm wondering about: do we care if a malicious process can OOM/DDOS another? I assume not?
19:58 <Alex_Gaynor> I haven't thought about this threat model deeply, but in general with sandboxing we want to treat the child process as hostile to the parent process; so maintaining availability in the face of that is one useful property, and probably contributes to stability -- I assume this is an issue like "child passes a length and then we malloc that much memory". I have
19:58 <Alex_Gaynor> no clue if this is our official answer or not, but I think in cases like that bounding allocation sizes makes sense.
20:14 <Gankro> Alex_Gaynor: yeah that's basically it; are there any rules of thumb for bounding allocation size? Never had to do it before.
20:15 <Alex_Gaynor> I don't know, sorry. (I work on sandboxing, but I've only been here a few weeks :-))
20:55 <tjr> Gankro: The other thing about IPC is that the IPC mechanism should not be a thing that allows the child to escape the sandbox. For example, if the child can't talk to the filesystem, exposing an IPC call that lets the child do arbitrary filesystem stuff would be bad
21:03 <Alex_Gaynor> As a general design principle, that means IPC messages should have semantics which allow enforcing permission boundaries. For example, don't create a WriteFile(<path>, <data>) API, have a SetSomeData(<data>) API and have the parent be responsible for managing the paths
21:03 <Alex_Gaynor> You can't enforce a security boundary on an arbitrary path write with no corresponding semantics
21:56 <db`> Well, I just noticed that one could use chrome import passwords functionality to retrieve all firefox passwords, despite being locked by the master password
21:57 <db`> Any leads on this one?
22:31 <ulfr> that doesn't sound possible
22:31 <ulfr> password files are protected by the master password (ok, with 3des, but still)
23:10 <kang> it's only encrypted if the master password is set