Re: [tor-bugs] #3508 [TorBrowserButton]: Apply new SafeCache patch
#3508: Apply new SafeCache patch
---------------------------------+------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: enhancement | Status: closed
Priority: major | Milestone:
Component: TorBrowserButton | Version:
Resolution: fixed | Keywords: MikePerryIterationFires20110630
Parent: | Points: 3
Actualpoints: 3 |
---------------------------------+------------------------------------------
Changes (by mikeperry):
* status: new => closed
* points: => 3
* resolution: => fixed
* actualpoints: => 3
Comment:
This ended up being a little tricky. We had to add some new prefs, remove
the ones there, and change the default behavior a bit.

The result is that the cache restrictions are no longer tied to the cookie
policy. 3rd party elements are given a cache key that binds them to the
url bar domain. The original code by Collin Jackson bound elements to the
domain in the referer, but this ended up producing some odd properties
that seem non-ideal and yield no real security gain against cooperating
adversaries.

As a result, Collin's test cases on the SafeCache test site won't function
as expected. The test to verify functionality is to ensure that you get a
different random ID whenever you actually load one of those iframes as
either a top-level page or from another origin. This test works with
1.4.0.

The cookie restrictions are disabled. We need an implementation that
applies to JS cookies as well for us to bother, I think.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3508#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
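
A minimal model of the cache-key binding and the random-ID check described in the comment above, added here as an illustration; it is not Torbutton, Firefox or SafeCache code. All class, function and host names are hypothetical, and the full hostname stands in for the URL bar domain as a simplification.

```javascript
// Model of an HTTP cache whose key can include the URL bar domain.
// Every name here is hypothetical; this is not the browser's cache code.
let served = 0;

// Constructed stand-in for a test site: each real fetch returns a new ID,
// so two loads with the same ID must have come from the same cache entry.
function originFetch(url) {
  served += 1;
  return { url, body: `id-${served}` };
}

// Assumption: the hostname is used as the "URL bar domain".
const host = (url) => new URL(url).hostname;

class Cache {
  // keyFn maps (resourceUrl, urlBarUrl) to the cache key.
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.store = new Map();
  }
  load(resourceUrl, urlBarUrl) {
    const key = this.keyFn(resourceUrl, urlBarUrl);
    if (!this.store.has(key)) this.store.set(key, originFetch(resourceUrl));
    return this.store.get(key).body;
  }
}

// Shared cache: keyed on the resource URL only, so one entry is reused
// under every top-level site and the ID acts as a cross-site identifier.
const sharedKey = (resource) => resource;

// Isolated cache: the key is bound to the URL bar domain.
const isolatedKey = (resource, urlBar) => `${host(urlBar)}|${resource}`;

// Load the same third-party element under two sites and as a top-level page.
function runScenario(keyFn) {
  const cache = new Cache(keyFn);
  const element = 'https://third-party.example/id.html'; // constructed URL
  return {
    onSiteA: cache.load(element, 'https://site-a.example/news'),
    onSiteAAgain: cache.load(element, 'https://site-a.example/sports'),
    onSiteB: cache.load(element, 'https://site-b.example/'),
    topLevel: cache.load(element, element),
  };
}
```

With `sharedKey` all four loads return the same ID; with `isolatedKey` the ID is reused only within one URL bar domain, which is the behaviour the verification test in the comment looks for.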