[tbb-bugs] #28513 [Applications/Tor Browser]: Change SessionStore so it doesn't violate disk avoidence goal

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 19 03:52:39 UTC 2018


#28513: Change SessionStore so it doesn't violate disk avoidence goal
--------------------------------------+--------------------------
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by sysrqb):

 To be clear, this leaks a lot. As an example:

 {{{
 root at generic:/ # cat
 /data/data/org.torproject.torbrowser_alpha/files/mozilla/>
 {"windows":[{"tabs":[{"entries":[{"url":"https://people.torproject.org/~sysrqb/","title":"Index
 of /~sysrqb","ID":0,"docshellUUID":"{6f1762cf-
 09d1-4298-b244-dc6641a9b9e0}","originalURI":"https://people.torproject.org/~sysrqb/","resultPrincipalURI":null,"presState":[{"stateKey":"0>html>1","scroll":"0,27830","res":0.42244893312454224,"scaleToRes":true}],"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6ezQ2ZGRlMjFmLWUyY2ItNDk3ZS04MDY1LTg0ZTExMDg3ZTM1Nn0AAAA+XmZpcnN0UGFydHlEb21haW49NDZkZGUyMWYtZTJjYi00OTdlLTgwNjUtODRlMTEwODdlMzU2Lm1vemlsbGE=","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":0,"persist":true},{"url":"https://signal.org/download/","title":"Signal
 >> Download Signal","ID":4,"docshellUUID":"{6f1762cf-
 09d1-4298-b244-dc6641a9b9e0}","originalURI":"https://signal.org/download","resultPrincipalURI":"https://signal.org/download/","loadReplace":true,"loadReplace2":true,"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6e2JhMmYzNjg3LTQ5N2YtNGFjZS1iMTYyLTFiNmYxNDk2ODFhOX0AAAAA","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":4,"persist":true},{"url":"https://signal.org/android/apk/","title":"Signal
 >> Signal Android APK","ID":5,"docshellUUID":"{6f1762cf-
 09d1-4298-b244-dc6641a9b9e0}","originalURI":"https://signal.org/android/apk/","resultPrincipalURI":null,"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6e2Q5YzU0OTk0LTllMTAtNDEyZC05Mzk5LTFjMjNlMTU4MjgyNn0AAAA+XmZpcnN0UGFydHlEb21haW49ZDljNTQ5OTQtOWUxMC00MTJkLTkzOTktMWMyM2UxNTgyODI2Lm1vemlsbGE=","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":5,"persist":true}],"index":3,"attributes":{"image":null},"desktopMode":false,"isPrivate":false,"tabId":0,"parentId":-1,"scrolldata":{"scroll":"0,810","zoom":{"resolution":1,"displaySize":{"width":1080,"height":1584}}}},{"entries":[{"url":"about:downloads","title":"Downloads","ID":6,"docshellUUID":"{358696b0-1fb0-4fb6
 -8fed-
 cfd19865a528}","resultPrincipalURI":null,"triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":6,"persist":true},{"url":"https://people.torproject.org/~sysrqb/","title":"Index
 of /~sysrqb","ID":7,"docshellUUID":"{358696b0-1fb0-4fb6-8fed-
 cfd19865a528}","originalURI":"https://people.torproject.org/~sysrqb/","resultPrincipalURI":null,"principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6e2Q3NDBhNmNjLTA4ZjUtNGRiNS1iNThlLThmN2UzMDM1OTg4OX0AAAA+XmZpcnN0UGFydHlEb21haW49ZDc0MGE2Y2MtMDhmNS00ZGI1LWI1OGUtOGY3ZTMwMzU5ODg5Lm1vemlsbGE=","triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":7,"persist":true}],"index":2,"attributes":{"image":null},"desktopMode":false,"isPrivate":false,"tabId":1,"parentId":0,"scrolldata":{"scroll":"0,782","zoom":{"resolution":0.42244893312454224,"displaySize":{"width":1080,"height":1584}}}},{"entries":[{"url":"about:firefox","title":"About
 Tor Browser","ID":8,"docshellUUID":"{e143d6f0-044b-
 4e50-a1d3-15d48decd1cc}","resultPrincipalURI":null,"triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=","docIdentifier":8,"persist":true}],"index":1,"attributes":{"image":null},"desktopMode":false,"isPrivate":false,"tabId":2,"parentId":1,"scrolldata":{"zoom":{"resolution":0.666700005531311,"displaySize":{"width":1080,"height":1584}}}}],"closedTabs":[],"selected":2}]}
 }}}

 Or, so it's readable:
 {{{
 {
   "windows":[
     {
       "tabs":[
         {
           "entries":[
             {
               "url":"https://people.torproject.org/~sysrqb/",
               "title":"Index of /~sysrqb",
               "ID":0,
               "docshellUUID":"{6f1762cf-09d1-4298-b244-dc6641a9b9e0}",
               "originalURI":"https://people.torproject.org/~sysrqb/",
               "resultPrincipalURI":null,
               "presState":[
                 {
                   "stateKey":"0>html>1",
                   "scroll":"0,27830",
                   "res":0.42244893312454224,
                   "scaleToRes":true
                 }
               ],
 "principalToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkAAAAAAAAAAAwAAAAAAAAEYAAAA4bW96LW51bGxwcmluY2lwYWw6ezQ2ZGRlMjFmLWUyY2ItNDk3ZS04MDY1LTg0ZTExMDg3ZTM1Nn0AAAA+XmZpcnN0UGFydHlEb21haW49NDZkZGUyMWYtZTJjYi00OTdlLTgwNjUtODRlMTEwODdlMzU2Lm1vemlsbGE=",
 "triggeringPrincipal_base64":"SmIS26zLEdO3ZQBgsLbOywAAAAAAAAAAwAAAAAAAAEY=",
               "docIdentifier":0,
               "persist":true
             },
               [...]
           ],
           "index":1,
           "attributes":{
               "image":null
           },
           "desktopMode":false,
           "isPrivate":false,
           "tabId":2,
           "parentId":1,
           "scrolldata":{
             "zoom":{
               "resolution":0.666700005531311,
               "displaySize":{
                 "width":1080,
                 "height":1584
               }
             }
           }
         }
       ],
       "closedTabs":[],
       "selected":2
     }
   ]
 }
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28513#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list