[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21863 [Applications/Tor Browser]: Ensure proxy safety on Android

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #21863 [Applications/Tor Browser]: Ensure proxy safety on Android
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 20 Jun 2018 23:25:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 Jun 2018 19:26:02 -0400
In-reply-to: <042.60e0868b950b9504af541e43cc670848@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.60e0868b950b9504af541e43cc670848@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21863: Ensure proxy safety on Android
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  sysrqb
     Type:  defect                               |         Status:
                                                 |  accepted
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, tbb-7.0-must, tbb-       |  Actual Points:
  proxy-bypass, TorBrowserTeam201806             |
Parent ID:  #5709                                |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------
Changes (by sysrqb):

 * status:  new => accepted
 * owner:  tbb-team => sysrqb


Comment:

 Auditing the code for network connections. On my first pass I see Mozilla
 already plugged many proxy-bypass calls. Most of the remaining instances
 are within the Firefox Accounts code. The telemetry code and mozstumbler
 have bypass bugs, too. We don't use telemetry, so that should not be a
 problem, but we will plug this hole when we patch the FxA bug. We should
 exclude mozstumbler at compile-time.

 The main problem is in
 `mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java`.
 After many layers, I believe the bypass happens in
 `mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/conn/DefaultClientConnectionOperator.java`.
 In addition, both
 `mobile/android/thirdparty/ch/boye/httpclientandroidlib/conn/ssl/SSLConnectionSocketFactory.java`
 and
 `mobile/android/thirdparty/ch/boye/httpclientandroidlib/conn/ssl/SSLSocketFactory.java`
 leak. These should be solved in #22170.

 || File || Analysis ||
 ||
 mobile/android/base/java/org/mozilla/gecko/telemetry/TelemetryUploadService.java
 || Proxy-bypass by  BaseResource ||
 ||
 mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java
 || Proxy-bypass in makeConnection(), check UAS passed into constructor ||
 ||
 mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/UdpDataSource.java
 || Proxy-bypass, creates UDP socket ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/FxAccountClient20.java
 ||  Check FxAccount UserAgent, Check how now() is used, Proxy-bypass using
 BaseResource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/oauth/FxAccountOAuthClient10.java
 || Proxy-bypass using BaseResource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/profile/FxAccountProfileClient10.java
 || Proxy-bypass using BaseResource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/browserid/verifier/BrowserIDRemoteVerifierClient10.java
 || Proxy-bypass using BaseResource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/browserid/verifier/BrowserIDRemoteVerifierClient20.java
 || Proxy-bypass using BaseResource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/push/autopush/AutopushClient.java
 || Proxy-bypass using BaseResource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/MetaGlobal.java
 || Likely Proxy-bypass, Check SyncStorageRecordRequest ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageRecordRequest.java
 || Proxy-bypass via Resource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageRequest.java
 || Proxy-bypass via Resource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/TLSSocketFactory.java
 || Possible Proxy-bypass via
 ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory.createSocket() ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/repositories/downloaders/BatchingDownloader.java
 || Proxy-bypass via Resource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/repositories/uploaders/RecordUploadRunnable.java
 || Proxy-bypass via Resource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/stage/EnsureCrypto5KeysStage.java
 || Proxy-bypass via Resource ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/sync/stage/FetchInfoCollectionsStage.java
 || Likely Proxy-bypass ||
 ||
 mobile/android/services/src/main/java/org/mozilla/gecko/tokenserver/TokenServerClient.java
 || Proxy-bypass via Resource ||
 ||
 mobile/android/stumbler/java/org/mozilla/mozstumbler/service/utils/AbstractCommunicator.java
 || Proxy-bypass by URL.openConnection() ||

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21863#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #21014 [Obfuscation/Censorship analysis]: Turkey blocking of direct connections, 2016-12-12
Next by Author: Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services
Previous by thread: Re: [tor-bugs] #26435 [Core Tor/Tor]: memory leak in parse_protocol_list
Next by thread: Re: [tor-bugs] #21863 [Applications/Tor Browser]: Ensure proxy safety on Android
Index(es):
- Author
- Thread