[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [torbutton/master] Bug 21396: Allow leaking of resource/chrome URIs
commit 84ff007519fa475d36800e979169f961fe0c072e
Author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date: Wed Mar 1 20:55:34 2017 +0000
Bug 21396: Allow leaking of resource/chrome URIs
Our work around for https://bugzilla.mozilla.org/show_bug.cgi?id=863246
is filtering content requests to resource:// and chrome:// URIs in a way
that neuters this fingerprinting vector while not breaking standard Tor
Browser functionality.
However, there are extensions like Session Manager that are broken with
this strategy. Users who think having extensions like that one working
is much more important than avoiding the possible information leakage
associated with that get a preference they can toggle now.
'extensions.torbutton.resource_and_chrome_uri_fingerprinting' is by
default 'false' but setting it to 'true' effectively disables our
defense we developed in #8725 and related bugs.
---
src/components/content-policy.js | 18 +++++++++++++++---
src/defaults/preferences/preferences.js | 1 +
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index 5c0ecf5..b11c4e7 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -12,8 +12,16 @@ const Cc = Components.classes, Ci = Components.interfaces, Cu = Components.utils
// Import XPCOMUtils object.
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+let { bindPrefAndInit } =
+ Cu.import("resource://torbutton/modules/utils.js", {});
-function ContentPolicy() {}
+function ContentPolicy() {
+ this.uriFingerprinting = null;
+ bindPrefAndInit("extensions.torbutton.resource_and_chrome_uri_fingerprinting",
+ function (enabled) {
+ this.uriFingerprinting = enabled;
+ });
+}
ContentPolicy.prototype = {
classDescription: "ContentPolicy",
@@ -44,9 +52,13 @@ ContentPolicy.prototype = {
shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
- // Accept if no content URI or scheme is not a resource/chrome.
- if (!aContentLocation || !(aContentLocation.schemeIs('resource') || aContentLocation.schemeIs('chrome')))
+ // Accept if the user does not care, no content URI is available or scheme
+ // is not resource/chrome.
+ if (this.uriFingerprinting || !aContentLocation ||
+ !(aContentLocation.schemeIs('resource') ||
+ aContentLocation.schemeIs('chrome'))) {
return Ci.nsIContentPolicy.ACCEPT;
+ }
// Accept if no origin URI or if origin scheme is chrome/resource/about.
if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index b7fa11b..b9ba458 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -39,6 +39,7 @@ pref("extensions.torbutton.startup_state", 2); // 0=non-tor, 1=tor, 2=last
pref("extensions.torbutton.tor_memory_jar",false);
pref("extensions.torbutton.nontor_memory_jar",false);
pref("extensions.torbutton.launch_warning",true);
+pref("extensions.torbutton.resource_and_chrome_uri_fingerprinting",false);
// Opt out of Firefox addon pings:
// https://developer.mozilla.org/en/Addons/Working_with_AMO
pref("extensions.torbutton@xxxxxxxxxxxxxx.getAddons.cache.enabled", false);
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits