User talk:Comrade693/SQLite 3.6.4 Security Review

From MozillaWiki
Jump to: navigation, search

Overview

Upgrading SQLite so we can get the perf and stability improvements they've had since April.

Background links

Security and Privacy

  • What security issues do you address in your project?
    • none that I am aware of
  • Is system or subsystem security compromised in any way if your project's configuration files / prefs are corrupt or missing?
    • no
  • Include a thorough description of the security assumptions, capabilities and any potential risks (possible attack points) being introduced by your project.

Exported APIs

  • Please provide a table of exported interfaces (APIs, ABIs, protocols, UI, etc.)
  • Does it interoperate with a web service? How will it do so?
    • No
  • Explain the significant file formats, names, syntax, and semantics.
  • Are the externally visible interfaces documented clearly enough for a non-Mozilla developer to use them successfully?
    • No - they should use mozStorage APIs
  • Does it change any existing interfaces?
    • No

Module interactions

  • What other modules are used (REQUIRES in the makefile, interfaces)
    • none

Data

  • What data is read or parsed by this feature
    • SQLite database files
  • What is the output of this feature
    • SQLite database files
  • What storage formats are used
    • SQLite's internal storage format

Reliability

  • What failure modes or decision points are presented to the user?
    • There are none in this code; consumer specific
  • Can its files be corrupted by failures? Does it clean up any locks/files after crashes?
    • Yes, if you turn off synchronous behavior which ensures that files cannot be corrupted by a crash.
    • Yes, locks and files added are cleaned up after a crash

Configuration

  • Can the end user configure settings, via a UI or about:config? Hidden prefs? Environment variables?
    • yes - they can change how fsyncs with toolkit.storage.synchronous
  • Are there build options for developers? [#ifdefs, ac_add_options, etc.]
    • yes - they can enable system sqlite over our own version (must be version number at or equal to what we have in tree)
  • What ranges for the tunable are appropriate? How are they determined?
    • toolkit.storage.synchronous
      • 0 - OFF, makes fsyncs not happen at all (risky for data integrity)
      • 1 - NORMAL, reduces the number of fsyncs by one in normal transactions. This is the default value, and the value used for an invalid input.
      • 2 - FULL, which is the safest setting for data integrity
  • What are its on-going maintenance requirements (e.g. Web links, perishable data files)?
    • updating to newer versions if something comes up (fairly trivial to do)

Relationships to other projects

Are there related projects in the community?

  • If so, what is the proposal's relationship to their work? Do you depend on others' work, or vice-versa?
  • Are you updating, copying or changing functional areas maintained by other groups? How are you coordinating and communicating with them? Do they "approve" of what you propose?

Review comments

  • tangentially related: review code that has turned off synchronous writes for data integrity. Cookies, permission manager, per-site settings, offline cache
  • some SQL consumers were added prior to systematic security design reviews. Need to look at their SQL and make sure we're not vulnerable to injection.
  • Need a "best practices" mozStorage developer doc, for Mozilla developers and addon developers.