Closed Bug 751011 Opened 13 years ago Closed 11 years ago

[Security Review] Time/Clock API

Categories

(mozilla.org :: Security Assurance, task, P2)

x86
macOS

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: pauljt, Assigned: pauljt)

Details

(Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy])

Set current time. Timezone will go in the Settings API.
Assignee: nobody → ptheriault
Status: NEW → ASSIGNED
Priority: -- → P1
There is no time API, but I didn't just notice that there is a permission to set the clocktime in https://mxr.mozilla.org/mozilla-central/source/extensions/cookie/Permission.txt?raw=1

Hence I am leaving this as a P2 on the new scale.
Priority: P1 → P2
Assignee: ptheriault → nobody
please don't assign bugs to nobody, they show up in triage :)
Assignee: nobody → ptheriault
This API is described here: https://developer.mozilla.org/en-US/docs/WebAPI/Time_and_Clock

It is a very simple API which allows certified apps to change the system time. There are security implications of being able to change the time (e.g. certificates can be expired if the time is wrong). But the main mitigation here is that this is a certified permission (i.e. equiv of a privileged chrome API, only apps shipped with the device written by Mozilla will use this permission).

The main threat with this API is that an app might somehow be able to call this API without a permission. The API is called like this:

navigator.mozTime.set(time);

The permissions check can be seen in 
https://mxr.mozilla.org/mozilla-central/source/dom/base/Navigator.cpp#1489

#ifdef MOZ_TIME_MANAGER
NS_IMETHODIMP
Navigator::GetMozTime(nsISupports** aTime)
{
  *aTime = nullptr;

  NS_ENSURE_STATE(mWindow);
  if (!CheckPermission("time")) {
    return NS_ERROR_DOM_SECURITY_ERR;
  }

  if (!mTimeManager) {
    mTimeManager = new time::TimeManager(mWindow);
  }

  NS_ADDREF(*aTime = mTimeManager);
  return NS_OK;
}
#endif

So the permission check is made on the navigator.mozTime object - without the permission, a security error is thrown, and mozTime is null, as can be seen above.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
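
The property described in the review comment above (the check sits on the navigator.mozTime getter, and "time" is a certified-only permission) can be expressed as a regression check against a small JavaScript model. This is an added example, not code from Gecko or from this bug; ModelNavigator, grantedPermissions, trySetTime, audit and the sample manifests are hypothetical names constructed for illustration.

```javascript
// Simplified model of a getter-gated API. Constructed for illustration; not Gecko code.
class SecurityError extends Error {}
// Assumption: "time" is a certified-only permission, as the review comment states.
const CERTIFIED_ONLY = new Set(["time"]);

// Hypothetical helper: a certified-only permission requested by a
// non-certified manifest is dropped, so the app never holds it.
function grantedPermissions(manifest) {
  return new Set(manifest.permissions.filter(
    (p) => !CERTIFIED_ONLY.has(p) || manifest.type === "certified"));
}

class ModelNavigator {
  constructor(manifest, clock) {
    this.perms = grantedPermissions(manifest);
    this.clock = clock; // { now: ms } stands in for the system clock
  }
  // Same order as Navigator::GetMozTime: check permission, then lazily create.
  get mozTime() {
    if (!this.perms.has("time")) throw new SecurityError("time permission required");
    if (!this.timeManager) {
      this.timeManager = { set: (t) => { this.clock.now = Number(t); } };
    }
    return this.timeManager;
  }
}

// Attempt navigator.mozTime.set(target) as the given app, on a fresh clock.
function trySetTime(manifest, start, target) {
  const clock = { now: start };
  let changed = true;
  try {
    new ModelNavigator(manifest, clock).mozTime.set(target);
  } catch (e) {
    if (!(e instanceof SecurityError)) throw e;
    changed = false; // denied at the getter, set() was never reached
  }
  return { app: manifest.name, changed, now: clock.now };
}

// Constructed sample manifests.
const APPS = [
  { name: "settings", type: "certified", permissions: ["time"] },
  { name: "game", type: "web", permissions: ["time"] },
  { name: "mail", type: "privileged", permissions: [] },
];

// Only "settings" should be able to move the clock.
const audit = (start, target) => APPS.map((m) => trySetTime(m, start, target));
console.log(audit(1000, 5000));
```
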