[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r13613: Set network.security.ports.banned to block access to Tor por (torbutton/trunk/src/chrome/content)

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] r13613: Set network.security.ports.banned to block access to Tor por (torbutton/trunk/src/chrome/content)
From: mikeperry@xxxxxxxx
Date: Wed, 20 Feb 2008 03:30:37 -0500 (EST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-cvs-outgoing@xxxxxxxx
Delivered-to: or-cvs@xxxxxxxx
Delivery-date: Wed, 20 Feb 2008 03:30:39 -0500
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: mikeperry
Date: 2008-02-20 03:30:37 -0500 (Wed, 20 Feb 2008)
New Revision: 13613

Modified:
   torbutton/trunk/src/chrome/content/jshooks.js
   torbutton/trunk/src/chrome/content/torbutton.js
Log:

Set network.security.ports.banned to block access to Tor
ports. Probably should have done this a long time ago ;) 
Also, unset some prefs that weren't getting unset during 
uninstall.



Modified: torbutton/trunk/src/chrome/content/jshooks.js
===================================================================
--- torbutton/trunk/src/chrome/content/jshooks.js	2008-02-20 08:25:07 UTC (rev 13612)
+++ torbutton/trunk/src/chrome/content/jshooks.js	2008-02-20 08:30:37 UTC (rev 13613)
@@ -51,6 +51,9 @@
       scr.__defineGetter__("availLeft", function() { return 0;});
 
       window.__defineGetter__("screen", function() { return scr; });
+      with(window) {
+          screen = scr;
+      }
   }
 
   /* Timezone fix for http://gemal.dk/browserspy/css.html */
@@ -97,7 +100,7 @@
       var hmine = new Object();
       var ran = 0;
       window.__defineGetter__("history", function() { return hmine; });
-      window.history.__defineGetter__("length", function() { return htmp.length; });
+      window.history.__defineGetter__("length", function() { return 0; });
       var f = function() {
           if(!ran) {
               ran = 1;
@@ -107,6 +110,10 @@
       window.history.back = f;
       window.history.forward = f;
       window.history.go = f;
+      // Needed for Firefox bug XXX:
+      with(window) {
+        history = htmp;
+      }
   }
 
   var tmp = window.Date;

Modified: torbutton/trunk/src/chrome/content/torbutton.js
===================================================================
--- torbutton/trunk/src/chrome/content/torbutton.js	2008-02-20 08:25:07 UTC (rev 13612)
+++ torbutton/trunk/src/chrome/content/torbutton.js	2008-02-20 08:30:37 UTC (rev 13613)
@@ -616,11 +616,16 @@
                 m_tb_prefs.clearUserPref(children[i]);
         }
     }
+    
 
     // Always block disk cache during Tor. We clear it on toggle, 
     // so no need to keep it around for someone to rifle through.
     m_tb_prefs.setBoolPref("browser.cache.disk.enable", !mode);
 
+    // Disable safebrowsing in Tor. It fetches some info in cleartext 
+    m_tb_prefs.setBoolPref("browser.safebrowsing.enabled", !mode);
+
+
     // I think this pref is evil (and also hidden from user configuration, 
     // which makes it extra evil) and so therefore am disabling it 
     // by fiat for both tor and non-tor. Basically, I'm not willing 
@@ -630,10 +635,11 @@
 
     // Always, always disable remote "safe browsing" lookups.
     m_tb_prefs.setBoolPref("browser.safebrowsing.remoteLookups", false);
+
+    // Prevent pages from pinging the Tor ports regardless tor mode
+    m_tb_prefs.setCharPref("network.security.ports.banned", 
+            m_tb_prefs.getCharPref("extensions.torbutton.banned_ports"));
    
-    // Disable safebrowsing in Tor. It fetches some info in cleartext 
-    m_tb_prefs.setBoolPref("browser.safebrowsing.enabled", !mode);
-
     if (torprefs.getBoolPref("no_search")) {
         m_tb_prefs.setBoolPref("browser.search.suggest.enabled", !mode);
     }
@@ -1063,6 +1069,16 @@
         torbutton_disable_tor();
         // Still called by pref observer:
         // torbutton_update_status(false, false);
+
+        // Clear out prefs set regardless of Tor state 
+        if(m_tb_prefs.prefHasUserValue("browser.send_pings"))
+            m_tb_prefs.clearUserPref("browser.send_pings");
+
+        if(m_tb_prefs.prefHasUserValue("browser.safebrowsing.remoteLookups"))
+            m_tb_prefs.clearUserPref("browser.safebrowsing.remoteLookups");
+
+        if(m_tb_prefs.prefHasUserValue("network.security.ports.banned"))
+            m_tb_prefs.clearUserPref("extensions.torbutton.banned_ports");
     }
 
     if((m_tb_prefs.getIntPref("extensions.torbutton.shutdown_method") == 1 && 
@@ -1456,6 +1472,10 @@
     return;
 }
 
+// XXX: Tons of exceptions get thrown from this function on account
+// of its being called so early. Need to find a quick way to check if
+// aProgress and aRequest are actually fully initialized 
+// (without throwing exceptions)
 function torbutton_check_progress(aProgress, aRequest) {
     if (!m_tb_wasinited) {
         torbutton_init();

Prev by Author: [or-cvs] r13612: Fix content policy bug that broke snake oil ssl certs. Me? V (torbutton/trunk/src/components)
Next by Author: [or-cvs] r13614: Pref for network.security.ports.banned. (torbutton/trunk/src/defaults/preferences)
Previous by thread: [or-cvs] r13612: Fix content policy bug that broke snake oil ssl certs. Me? V (torbutton/trunk/src/components)
Next by thread: [or-cvs] r13614: Pref for network.security.ports.banned. (torbutton/trunk/src/defaults/preferences)
Index(es):
- Author
- Thread