[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torbutton/maint-1.9.6] Bug 21396: Allow leaking of resource/chrome URIs



commit fc00aef1fd552784dfca72dcdbb78e72e2f9932e
Author: Georg Koppen <gk@xxxxxxxxxxxxxx>
Date:   Wed Mar 1 20:55:34 2017 +0000

    Bug 21396: Allow leaking of resource/chrome URIs
    
    Our work around for https://bugzilla.mozilla.org/show_bug.cgi?id=863246
    is filtering content requests to resource:// and chrome:// URIs in a way
    that neuters this fingerprinting vector while not breaking standard Tor
    Browser functionality.
    
    However, there are extensions like Session Manager that are broken with
    this strategy. Users who think having extensions like that one working
    is much more important than avoiding the possible information leakage
    associated with that get a preference they can toggle now.
    
    'extensions.torbutton.resource_and_chrome_uri_fingerprinting' is by
    default 'false' but setting it to 'true' effectively disables our
    defense we developed in #8725 and related bugs.
---
 src/components/content-policy.js        | 18 +++++++++++++++---
 src/defaults/preferences/preferences.js |  1 +
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index 5c0ecf5..b11c4e7 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -12,8 +12,16 @@ const Cc = Components.classes, Ci = Components.interfaces, Cu = Components.utils
 
 // Import XPCOMUtils object.
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+let { bindPrefAndInit } =
+    Cu.import("resource://torbutton/modules/utils.js", {});
 
-function ContentPolicy() {}
+function ContentPolicy() {
+  this.uriFingerprinting = null;
+  bindPrefAndInit("extensions.torbutton.resource_and_chrome_uri_fingerprinting",
+    function (enabled) {
+      this.uriFingerprinting = enabled;
+    });
+}
 
 ContentPolicy.prototype = {
   classDescription: "ContentPolicy",
@@ -44,9 +52,13 @@ ContentPolicy.prototype = {
 
   shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
 
-    // Accept if no content URI or scheme is not a resource/chrome.
-    if (!aContentLocation || !(aContentLocation.schemeIs('resource') || aContentLocation.schemeIs('chrome')))
+    // Accept if the user does not care, no content URI is available or scheme
+    // is not resource/chrome.
+    if (this.uriFingerprinting || !aContentLocation ||
+        !(aContentLocation.schemeIs('resource') ||
+          aContentLocation.schemeIs('chrome'))) {
       return Ci.nsIContentPolicy.ACCEPT;
+    }
 
     // Accept if no origin URI or if origin scheme is chrome/resource/about.
     if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index a8eea21..d91fd77 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -39,6 +39,7 @@ pref("extensions.torbutton.startup_state", 2); // 0=non-tor, 1=tor, 2=last
 pref("extensions.torbutton.tor_memory_jar",false);
 pref("extensions.torbutton.nontor_memory_jar",false);
 pref("extensions.torbutton.launch_warning",true);
+pref("extensions.torbutton.resource_and_chrome_uri_fingerprinting",false);
 // Opt out of Firefox addon pings:
 // https://developer.mozilla.org/en/Addons/Working_with_AMO
 pref("extensions.torbutton@xxxxxxxxxxxxxx.getAddons.cache.enabled", false);

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits