[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18996 [Applications/Tor Browser]: Investigate server logging in ESR45

Subject: Re: [tor-bugs] #18996 [Applications/Tor Browser]: Investigate server logging in ESR45
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 23 May 2016 21:38:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 23 May 2016 17:39:01 -0400
In-reply-to: <042.4978b15d40f5983a23810f6f55932142@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.4978b15d40f5983a23810f6f55932142@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18996: Investigate server logging in ESR45
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  task                      |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ff45-esr                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arthuredelstein):

 Replying to [comment:4 mcs]:
 > When the prefs are disabled, does the browser still parse the data sent
 in the X-ChromeLogger-Data headers? I don't think this feature raises an
 obvious security or privacy issue, but it would be bad to leave server
 logging enabled if it turns out that there is a bug in how the JSON data
 is parsed or presented.

 Good question. I added a `dump` statement to the part of the code where
 the "X-ChromeLogger-Data" header value is parsed. I was able to manually
 confirm that this code is not called except when "Server" logging is
 enabled (through the button in the devtools UI, or in the prefs). Here's
 my test code in case anyone is interested:

 https://github.com/arthuredelstein/tor-browser/commit/18996

 (Note this patch is for testing purposes only.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18996#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #18996 [Applications/Tor Browser]: Investigate server logging in ESR45
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #19164 [Applications/Tor Browser]: Backport - Remove support for SHA-1 HPKP pins
Next by Author: Re: [tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
Previous by thread: Re: [tor-bugs] #18996 [Applications/Tor Browser]: Investigate server logging in ESR45
Next by thread: Re: [tor-bugs] #18996 [Applications/Tor Browser]: Investigate server logging in ESR45
Index(es):
- Author
- Thread