[tor-bugs] #9308 [Firefox Patch Issues]: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 22 16:11:29 UTC 2014
#9308: JavaScript's BrowserFeedWriter() leaks installation paths on OS X and
Windows
-------------------------------------+-------------------------------------
     Reporter:  cypherpunks           |          Owner:  mikeperry
         Type:  defect                |         Status:  needs_revision
     Priority:  critical              |      Milestone:
    Component:  Firefox Patch Issues  |        Version:
   Resolution:                        |       Keywords:  tbb-fingerprinting, tbb-easy, interview
Actual Points:                        |      Parent ID:
       Points:                        |
-------------------------------------+-------------------------------------

Comment (by arthuredelstein):

Replying to [comment:26 gk]:
> And what happens if we don't precompile the cache but add an
> *uncompiled* version to resource/app/components? If the Tor Browser is not
> complaining then we probably have the easiest solution to our problem.

I tried that. It doesn't complain, but it still leaks the install path. TB
must not be recognizing an uncompiled version in that location as valid,
and falling back on the uncompiled version stored in another location.

> What about Mike's idea of doing a python stub that is doing the
> pre-compilation?

Maybe I'm not understanding this suggestion. I don't see how python can
compile JavaScript, unless we write our own JS compiler ;). I'm not an
expert on this startup cache, but from my googlings, it seems these files
are SpiderMonkey-compatible bytecode.

> And what about compiling those .js files once and ship them as resources
> via the gitian versions files?

Yes, I think that absolutely can work, but don't we then need a way to
verify the integrity of those binary files on the build machine? Is there
currently a mechanism for doing that? Would checking the binaries into
tor-browser.git or tor-browser-bundle.git and relying on git's hashing
strategy be acceptable?

> > An alternative would be to try to re-write the `file://` URIs to
> > `resource://` URIs in the thrown exceptions. A class,
> > nsResProtocolHandler, stores a mapping from `resource://` URIs to
> > `file://` URIs, so we might be able to add some code that reverses this
> > mapping so that we can do the re-writing. Such a patch is perhaps not too
> > likely to be adopted by Mozilla. On the other hand, since the two known
> > bugs (`BrowserFeedWriter` and `sidebar.addSearchEngine`) are not present
> > in ESR31, we could simply create a temporary patch that can be discarded
> > when rebasing of TBB to ESR31 happens.
>
> Sounds complicated but if it works why not (I have not looked at the
> code to estimate how large that patch would have to be, so it might
> instead be quite easy to provide one). BTW: Are we sure there are no other
> components exposed to the website that could cause similar issues?

This approach would cover exceptions thrown through a similar code path,
but not necessarily other unknown path leaks. I'm not sure how tricky it
is yet...

> Given that this is obsolete with ESR 31 choosing the fastest way to
> solve this ticket seems to be a good approach. :)

I agree wholeheartedly! :P

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9308#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
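
The reverse `file://` to `resource://` rewriting discussed in the comment above, sketched as an added example (not code from the ticket, Tor Browser or Mozilla). The substitution table, install paths and function names are constructed for illustration; a real patch would read the mapping from the resource protocol handler.

```javascript
// Added illustration; not Tor Browser or Mozilla code.
// Constructed substitution table: resource:// root -> file:// base directory.
// The install paths are made up for this example.
const SUBSTITUTIONS = new Map([
  ["app", "file:///Applications/TorBrowser.app/Contents/MacOS/browser/"],
  ["gre", "file:///Applications/TorBrowser.app/Contents/MacOS/"],
]);

// Reverse the table once, longest file:// base first, so a nested
// directory (browser/) is matched before its parent directory.
function buildReverseTable(substitutions) {
  return [...substitutions.entries()]
    .map(([root, base]) => ({ root, base: base.endsWith("/") ? base : base + "/" }))
    .sort((a, b) => b.base.length - a.base.length);
}

// Rewrite one file:// URI. A URI outside every known base is replaced by a
// fixed placeholder instead of being passed through, so an unmapped path
// is never exposed to content.
function rewriteFileURI(uri, table) {
  for (const { root, base } of table) {
    if (uri.startsWith(base)) {
      return "resource://" + root + "/" + uri.slice(base.length);
    }
  }
  return "resource://unknown/";
}

// Rewrite every file:// URI embedded in an exception message or stack string.
function sanitizeMessage(text, table) {
  return text.replace(/file:\/\/\/[^\s"'<>)]+/g, (uri) => rewriteFileURI(uri, table));
}

// Constructed sample exception text.
const table = buildReverseTable(SUBSTITUTIONS);
console.log(sanitizeMessage(
  "Error at file:///Applications/TorBrowser.app/Contents/MacOS/browser/components/Example.js:12",
  table));
```

The prefix match is an exact string comparison, so it assumes the table entries and the URIs in the exception are normalised the same way (case, percent-encoding). As the comment notes, this only covers paths that surface through the rewritten exception text.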