Re: [tor-bugs] #27616 [Applications/Tor Browser]: Double-check Rust code for potential proxy bypass in ESR 60
#27616: Double-check Rust code for potential proxy bypass in ESR 60
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #22176 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by sysrqb):
Replying to [comment:2 gk]:
> See the second part of comment:15:ticket:22176
Okay, I started with gk's 3) from that ticket. First, I enumerated all
packages and their dependencies (not including the vendored crates). From
these packages, I searched for all occurrences of "tcp", "udp", "socket",
"bind", "connect", "listener", "send", "recv", and "stream". (I don't
claim these are the only functions/methods that can be used for
transmitting a message).
I found these are the in-tree packages (not vendored in
`third_party/rust`):
{{{
media/mp4parse-rust/mp4parse_capi
servo/support/gecko/nsstring
xpcom/rust/nserror
netwerk/base/rust-helper
xpcom/rust/xpcom
xpcom/rust/xpcom/xpcom_macros
modules/libpref/parser
netwerk/base/rust-url-capi
dom/webauthn/u2f-hid-rs
servo/ports/geckolib
}}}
For each of those packages, I ran
{{{
$ grep -rni -E "tcp|udp|socket|bind|connect|listener|send|recv|stream" $p
}}}
(where `$p` was each directory path from above).
Many of the results were false positives. In particular, `bind` matched
many instances of "binding" or "bindgen". So, excluding those:
{{{
$ grep -rni -E "tcp|udp|socket|bind|connect|listener|send|recv|stream" $p \
    | grep -v -E "[bB]inding|[bB]indgen" \
    | grep -ni --color=always -E "tcp|udp|socket|bind|connect|listener|send|recv|stream"
}}}
These directories didn't contain any matches:
{{{
servo/support/gecko/nsstring
xpcom/rust/nserror
netwerk/base/rust-helper
modules/libpref/parser
netwerk/base/rust-url-capi
servo/ports/geckolib
}}}
`media/mp4parse-rust/mp4parse_capi` has instances of "stream" (but that's
not surprising considering its doc comment says "Parses ISO Base Media
Format aka video/mp4 streams."). All instances of `stream` are from audio
(FLAC) track information.
`xpcom/rust/xpcom/xpcom_macros` has an occurrence of "bind" and a few
instances of "stream". "bind" is related to FFI, and "stream" are
`TokenStream`s.
`dom/webauthn/u2f-hid-rs` has "send" and "recv", but these are methods
called on a `std::sync::mpsc::channel`. There is another wrapper method
`sendrecv` that calls `U2FHIDCont::write` and `U2FHIDInit::read` for
reading/writing the U2F device. These read/write methods specifically take
a device as the first argument. Using this for making network calls seems
very difficult (without digging too deep).
(to be continued.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27616#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
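
An added example, not part of the message or of the Tor Browser code: the keyword audit described above as a POSIX shell function, extended to mask "binding"/"bindgen" inside a line instead of dropping the whole line, so a line that holds both a benign word and a network call is still reported. The `scan` and `make_sample_tree` helpers, the `*.rs` restriction and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the ticket): keyword audit of Rust sources.
KEYWORDS='tcp|udp|socket|bind|connect|listener|send|recv|stream'  # list from the message
BENIGN='binding|bindgen'                                          # exclusions from the message

# scan MODE DIR  (hypothetical helper)
#   drop: skip every line that mentions a benign word (what `grep -v` does)
#   mask: blank out only the benign words, then test what is left of the line
# Only *.rs files are read; that restriction is an assumption of this example.
scan() {
    find "$2" -type f -name '*.rs' -exec awk \
        -v kw="$KEYWORDS" -v ok="$BENIGN" -v mode="$1" '
        {
            text = tolower($0)                       # case-insensitive, like grep -i
            if (mode == "drop" && text ~ ok) next
            if (mode == "mask") gsub(ok, " ", text)  # a space avoids gluing new words
            if (text ~ kw) printf "%s:%d:%s\n", FILENAME, FNR, $0
        }' {} + | sort
}

# Constructed sample tree: two tiny crates, one of which opens a TCP connection
# on a line that also contains the word "bindings".
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/crate_a/src" "$d/crate_b/src"
    cat > "$d/crate_a/src/lib.rs" <<'EOF'
// Generated bindings for the C API (constructed sample)
pub fn parse(input: &[u8]) -> usize { input.len() }
EOF
    cat > "$d/crate_b/src/lib.rs" <<'EOF'
use std::net::TcpStream;
pub fn open(a: &str) { let _bindings = TcpStream::connect(a); }
EOF
    echo "$d"
}

tree=$(make_sample_tree)
echo "line-level exclusion:"; scan drop "$tree"
echo "word-level masking:";   scan mask "$tree"
rm -rf "$tree"
```

On the constructed tree, `drop` reports only the `use std::net::TcpStream;` line, while `mask` also reports the `TcpStream::connect` call that shares a line with `_bindings`.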