[tor-bugs] #5273 [Firefox Patch Issues]: Update TBB design doc for 2.3.x

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 15 20:33:13 UTC 2013 

#5273: Update TBB design doc for 2.3.x
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry                    
     Type:  defect                |         Status:  needs_review                 
 Priority:  major                 |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch Issues  |        Version:                               
 Keywords:  MikePerry201302d      |         Parent:                               
   Points:                        |   Actualpoints:  16                           
----------------------------------+-----------------------------------------

Comment(by gk):

 Replying to [comment:43 mikeperry]:
 > Replying to [comment:42 gk]:
 > > 3.2.4) I am wondering if that adversary described there is still the
 one you assume when you are talking about a passive forensic local
 adversary. If I as an adversary have intermittent or constant physical
 access, well, then I have more options than just passively monitoring
 something... Maybe a comment or a hint like you did with 3.3.3 would help
 here.
 >
 > Well, 3.2.4 is just about positioning.

 Ah, yes. I missed that somehow while I was reading that section. Makes
 sense.

 > > 4.8.7) It seems to me that closing the Tor Browser is not early enough
 as there are numerous add-ons that start network activity way before the
 browser.js code is running. But I am not sure if that justifies an own
 Design Goal section here which states that one tries to patch the Tor
 Browser in a way that it is guaranteed to only start network activity if
 Tor is up, running and used.
 >
 > I am confused what you mean here. We don't actually kill the Firefox
 process, and we consider addon network activity out of scope...

 Okay, I was just referring to
 {{{
 appStartup.quit(3);
 }}}
 which forces all windows to close and quits Firefox thereafter. But if
 addon network activity is out of scope, just having patch 0007 is fine.

 3.3.1) Just a typo: "realtively"

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5273#comment:45>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list