[tbb-dev] MOZ_DISABLE_NONLOCAL_CONNECTIONS

Georg Koppen gk at torproject.org
Mon Mar 26 09:17:00 UTC 2018


Tom Ritter:
> 45 seconds ago I just learned about the environment variable
> MOZ_DISABLE_NONLOCAL_CONNECTIONS that we use in our testing
> environment. It feeds through to one real location in the browser:
> nsSocketTransport2
> https://searchfox.org/mozilla-central/rev/8976abf9cab8eb4661665cc86bd355cd08238011/netwerk/base/nsSocketTransport2.cpp#1297
> 
> This isn't a sandbox. If an attacker has code execution (parent or
> content process) they can make network connections manually from
> system libraries and will never touch this code. But it might be a way
> to add (some) assurance about browser features accidentally bypassing
> the proxy.
> 
> So I'm wondering if this is something Tor Browser can set for defense
> in depth. In fact, it's already in esr52:
> https://dxr.mozilla.org/mozilla-esr52/search?q=AreNonLocalConnectionsDisabled
> I tried to get Tor Browser to unset the proxy but couldn't seem to
> get it to work; is there a patch that prevents this?

Not really. Or, sort of. I can use a Tor Browser without a proxy if I

1) Unset the proxy on the network pane on about:preferences#advanced and
choose a direct connection

2) Disable Torbutton and Tor Launcher

3) Flip `network.proxy.socks_remote_dns` to `false` (You might have
overlooked that one and, yes, we have that enforces a proxy if that pref
is set to `true`)

> It would be interesting to remove the patches tagged
> 'tbb-proxy-bypass' (on https://torpat.ch/uplift) and see if this
> prevented (some) of those.

Indeed! I've created a ticket for considering
MOZ_DISABLE_NONLOCAL_CONNECTIONS (#25622). It could contain an analysis
about which of those proxy bypasses would be prevented by that setting.
And we can think about whether we want to have it set for Tor Browser 8
(or even earlier?).

Georg

> -tom
> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
> 
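A check a defender could run over a profile's `prefs.js` to spot the pref changes behind steps 1 and 3 above. This is an added example, not part of the original message and not Tor Browser code. It assumes that choosing a direct connection in the UI is stored as `network.proxy.type` = 0, that a manual proxy is value 1, and that a pref absent from `prefs.js` is still at its shipped default; the sample input is constructed.

```python
import re

# One user_pref("name", value); line as written in a Firefox-style prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Values the proxied configuration is assumed to use (assumption, see lead-in).
EXPECTED = {
    "network.proxy.type": 1,                  # 1 = manual proxy, 0 = direct
    "network.proxy.socks_remote_dns": True,   # resolve DNS through the SOCKS proxy
}

def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_proxy_prefs(text):
    """List (pref, found_value) pairs that deviate from EXPECTED.

    A pref missing from the file is treated as unchanged from its default.
    The type check keeps an integer 1 from passing as boolean true.
    """
    prefs = parse_prefs(text)
    findings = []
    for name, want in EXPECTED.items():
        if name in prefs:
            got = prefs[name]
            if type(got) is not type(want) or got != want:
                findings.append((name, got))
    return findings

# Constructed sample, not taken from a real profile.
CONSTRUCTED_PREFS = '''// constructed sample
user_pref("browser.startup.homepage", "about:tor");
user_pref("network.proxy.type", 0);
user_pref("network.proxy.socks_remote_dns", false);
'''

if __name__ == "__main__":
    for name, got in audit_proxy_prefs(CONSTRUCTED_PREFS):
        print(f"deviation: {name} = {got!r}")
```
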

