Security/Reviews/Firefox7/ReviewNotes/FennecSessionStore
From MozillaWiki
Items to be reviewed: Session Store Enhancements - https://wiki.mozilla.org/Fennec/Features/sessionstore Agenda:
Introduce Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- Enhance Session Store for better performance and memory management and for a smoother user experience, e.g. faster restart on crash or after Android killed the process in the background. Pick up where user left off (e.g. after crash or when terminated in background), adding session history (currently: only save last URL), performance improvements.
- lived in Firefox not in tabs or tools (and was not electrolysis (e10s) compatible) so had to be redone to be viable for mobile platforms
- if app was killed, on restart we could restore session state or auto open tabs as needed
- this feature adds items to session store for Fennec
- writing json file for session to earlier in the process instead of after page load, written out in DOMContentLoaded, might need to move it sooner
- scroll position was not being written out to the JSON, code added to address this
- save browsing history on a per tab basis, rather than last URL (at least what is cached in DocShell) :: preffed to 50, no cookies and no form data
What solutions/approaches were considered other than the proposed solution?
- take code directly from desktop
- desktop code was too large for mobile platforms
- basically copied desktop in terms of behavior and copied it to e10s
- what was old legacy that could be dropped for mobile
- what was more than neccessary for mobile that could be dropped
Why was this solution chosen?
- Different or same as desktop
- Different
- desktop is in browser and desktop related "isms" that do not translate to mobile
- current impl does not support e10s
- much larger than Fennec so memory concerns
Any security threats already considered in the design and why?
- none of this exposed to web content
- data that could be accessed by other installed applications
- history (in sql-lite db)
- file permission to create files
- was world readable, have changed this on android bug 650509
Threat Brainstorming
- tracking of threats as to what platforms are affected
- with a divergent code base between desktop and mobile this could be more difficult to discern
- tools should help with this
- once both use e10s code sharing should increase again
- Profile on SD card
- seperate discussion for that
- can a website purposly bloat this data to use up space
- with desktop possibly, on mobile no; 50 limit on session data and less is held
Conclusions / Action Items
- {suggestion} Secteam should help write guidelines about default security settings for reading/writing files (e.g. file permissions, file locations, ensuring to limit websites' ability to DoS by creating excessive amounts of data, need to review exceptions to default recommended permissions.)
- This raises the need to do a review of e10s, especially the shared memory sections (bsmedberg, Chris Jones, Ollie)