[tbb-bugs] #21862 [Applications/Tor Browser]: Make rust code in ESR 52 proxy safe
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 3 04:17:34 UTC 2017
#21862: Make rust code in ESR 52 proxy safe
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: ff52-esr, tbb-7.0-must, | Actual Points:
TorBrowserTeam201706R |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Comment (by manish.earth):
In the next ESR (and already in the current release), `--enable-rust` will
not exist.
When we say "third party" code it means vendored dependencies necessary
for building Firefox that are not directly maintained in the mozilla-
central repo. This is not something that can/should be ripped out.
Currently, the third_party directory is only used for vendored Rust
dependencies, however other vendored code may move there in the future.
In fact, rust-url is maintained by Servo, which is a Mozilla project.
However, there are other crates under third_party which are not maintained
by Mozilla. We intend to do some auditing before shipping. The currently
shipping crates are all maintained by the Servo or Rust projects.
Currently (as of a recent nightly), the Rust code in mozilla-central
consists of:
- The mp4 parser. Enabled by default. Should not hit the network.
- Stylo (enabled recently); servo's style system in Firefox. Built by
default, preffed off , planned to be preffed on on 57. Can be disabled; is
a large chunk of code. May become mandatory a few release cycles after 57.
This should not hit the network on its own, we thread through Gecko
networking code.
- Webrender. Built by default, preffed off. Should not hit the network.
- encoding-rs. I believe this is built by default and preffed on, but I
am unsure. Should not hit the network.
- rust-url for parsing, serialization, and manipulation of URLs. built by
default, preffed off. This is a currently-stalled experiment which won't
be enabled before we make it work well with everything. While this itself
shouldn't be hitting the network (it's only for dealing with the URL data,
not making requests), it will be audited more rigorously before being
enabled (right now it's just there for experimentation)
- We unconditionally use rust-url's IPV6 parsing code as of
https://bugzilla.mozilla.org/show_bug.cgi?id=1324243 . This code shouldn't
hit the network.
The call to `getaddrinfo` mentioned here exists because there is a
`ToSocketAddrs` implementation for URL; an implementation which is never
invoked.
However, we can probably add a build time option to remove them.
All the Rust code in Firefox gets built into
`$objdir/toolkit/library/$target/(debug or release)/libgkrust.a`, so
inspecting that binary may be useful in ensuring that getaddrinfo is never
called. Currently none of the Rust code being used should be calling it.
However, the standard library does include a call to getaddrinfo that goes
unused, which still turns up in that file -- I'm not sure how to
differentiate between used and unused here -- I tried creating a test Rust
staticlib that didn't do anything and even with `-Clto` the final
staticlib still had an unlinked getaddrinfo symbol. If y'all know the
correct linker args and `nm` / `objdump` invocation to use, let me know
and I'll run it on my local all-rust-enabled Firefox build.
Let me know if you need more info!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21862#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list