[tor-bugs] #5715 [TorBrowserButton]: "New Identity" has cache race conditions that temporarily allow evercookies (was: TorBrowser not defending against evercookies despite of TorBrowserButton "New Identity")

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue May 1 22:10:30 UTC 2012


#5715: "New Identity" has cache race conditions that temporarily allow evercookies
------------------------------+---------------------------------------------
 Reporter:  guiseppe          |          Owner:  mikeperry
     Type:  defect            |         Status:  new      
 Priority:  critical          |      Milestone:           
Component:  TorBrowserButton  |        Version:           
 Keywords:  MikePerry201205   |         Parent:           
   Points:                    |   Actualpoints:           
------------------------------+---------------------------------------------

Comment(by mikeperry):

 Ok, I think I got a fix for this. There are two parts: In TorBrowserButton,
 we now explicitly clear the image cache. In Tor Browser, I patched
 nsCacheService::EvictEntries to include an atomic call to wipe the
 "doomed" cache entry list.

 These two combined appear to eliminate the race condition. I'm unable to
 get the evercookies to persist on my dev build with these changes. The
 exact mechanics of the "doomed" list expiry are still a bit fuzzy to me,
 though. I just sort of cargo-culted the expiry code from the cache service
 shutdown routine...

 Also, there is a very suspicious comment in the ImageCache code that seems
 to indicate it may not be obeying our CacheKey isolation.

 gk - if you have spare cycles, could you maybe test third party images and
 make sure the same image url still gets 200 load requests from two
 different url bar domains?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5715#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
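
One way to run the third-party image check requested in the comment above, as an added example that is not part of the original message or of Tor Browser's code: load a test image from two different URL-bar domains, then confirm from the image server's access log that each first party caused its own 200 fetch. The host names, image path and log lines are constructed, and the check assumes the test browser sends a Referer header.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: Combined Log Format lines from a hypothetical test image
# server whose /pixel.png is embedded by two hypothetical first-party pages.
SAMPLE_LOG = """\
203.0.113.5 - - [01/May/2012:22:00:01 +0000] "GET /pixel.png HTTP/1.1" 200 68 "http://site-a.example/" "UA"
203.0.113.5 - - [01/May/2012:22:00:09 +0000] "GET /pixel.png HTTP/1.1" 200 68 "http://site-b.example/page" "UA"
203.0.113.5 - - [01/May/2012:22:00:15 +0000] "GET /pixel.png HTTP/1.1" 304 0 "http://site-a.example/" "UA"
203.0.113.5 - - [01/May/2012:22:00:20 +0000] "GET /other.png HTTP/1.1" 200 70 "http://site-a.example/" "UA"
"""

LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def statuses_by_first_party(log_text, image_path):
    """Map each first-party host (taken from the Referer) to the ordered list
    of response statuses the server returned for image_path."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["path"] != image_path:
            continue
        host = urlsplit(m["referer"]).hostname or "(no referer)"
        seen[host].append(int(m["status"]))
    return dict(seen)

def check_isolation(log_text, image_path, first_parties):
    """Return a list of problems; an empty list means every first party's
    first request for the image was a full 200 fetch."""
    statuses = statuses_by_first_party(log_text, image_path)
    problems = []
    for host in first_parties:
        hits = statuses.get(host)
        if not hits:
            # No request at all: the image came out of a cache shared across domains.
            problems.append(f"{host}: no request seen")
        elif hits[0] != 200:
            # A 304 first means the browser revalidated an entry it already held.
            problems.append(f"{host}: first response was {hits[0]}, not 200")
    return problems

if __name__ == "__main__":
    hosts = ["site-a.example", "site-b.example"]
    print(check_isolation(SAMPLE_LOG, "/pixel.png", hosts) or "isolated per first party")
```

A later 304 for the same first party, as in the third sample line, is ordinary per-domain revalidation; the check only fails when a domain's first load of the image is missing or is not a 200.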

