Tom Ritter:
45 seconds ago I just learned about the environment variable MOZ_DISABLE_NONLOCAL_CONNECTIONS that we use in our testing environment. It feeds through to one real location in the browser: nsSocketTransport2 https://searchfox.org/mozilla-central/rev/8976abf9cab8eb4661665cc86bd355cd08...
This isn't a sandbox. If an attacker has code execution (parent or content process) they can make network connections manually from system libraries and will never touch this code. But it might be a way to add (some) assurance about browser features accidentally bypassing the proxy.
So I'm wondering if this is something Tor Browser can set for defense in depth. In fact, it's already in esr52: https://dxr.mozilla.org/mozilla-esr52/search?q=AreNonLocalConnectionsDisable... I tried to get Tor Browser to unset the proxy but couldn't seem to get it to work; is there a patch that prevents this?
Not really. Or, sort of. I can use a Tor Browser without a proxy if I
1) Unset the proxy on the network pane on about:preferences#advanced and choose a direct connection
2) Disable Torbutton and Tor Launcher
3) Flip `network.proxy.socks_remote_dns` to `false` (You might have overlooked that one and, yes, we have that enforces a proxy if that pref is set to `true`)
It would be interesting to remove the patches tagged 'tbb-proxy-bypass' (on https://torpat.ch/uplift) and see if this prevented (some) of those.
Indeed! I've created a ticket for considering MOZ_DISABLE_NONLOCAL_CONNECTIONS (#25622). It could contain an analysis about which of those proxy bypasses would be prevented by that setting. And we can think about whether we want to have it set for Tor Browser 8 (or even earlier?).
Georg
-tom
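The preference changes in the three steps above leave a trace in the profile's `prefs.js`, which records prefs that differ from their defaults. The following is an added example, not code from this thread or from Tor Browser: it scans a constructed `prefs.js` excerpt for overrides that take the browser off the proxy. It assumes Firefox's standard `network.proxy.type` pref (1 = manual proxy) alongside the `network.proxy.socks_remote_dns` pref named in the thread; the function names are hypothetical.

```python
import re

# One line of a Firefox-style prefs.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample: a profile after steps 1 and 3 of the thread.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:tor");
user_pref("network.proxy.type", 0);
user_pref("network.proxy.socks_remote_dns", false);
'''

def parse_prefs(text):
    """Return {pref name: value}, decoding booleans and integers."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def proxy_findings(prefs):
    """List explicit overrides that weaken proxy enforcement.

    A pref absent from prefs.js is still at its shipped default, so only
    overrides present in the file are reported (assumption: the shipped
    defaults route traffic through the proxy).
    """
    findings = []
    ptype = prefs.get("network.proxy.type")
    if ptype is not None and ptype != 1:
        findings.append(f"network.proxy.type={ptype}: manual proxy not selected")
    if prefs.get("network.proxy.socks_remote_dns") is False:
        findings.append("network.proxy.socks_remote_dns=false: DNS resolved locally")
    return findings

if __name__ == "__main__":
    for finding in proxy_findings(parse_prefs(SAMPLE_PREFS)):
        print("WARN", finding)
```

This covers the pref changes only; the state of the Torbutton and Tor Launcher extensions (step 2) is not stored in `prefs.js` and is not checked here.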