[tor-bugs] #6314 [TorBirdy]: prevent leak via Date header field (local timestamp disclosure)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 9 01:49:12 UTC 2015
#6314: prevent leak via Date header field (local timestamp disclosure)
----------------------+------------------------------
Reporter: tagnaq | Owner: ioerror
Type: defect | Status: needs_review
Priority: High | Milestone:
Component: TorBirdy | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #9131 | Points:
Sponsor: |
----------------------+------------------------------
Changes (by arthuredelstein):
* status: new => needs_review
* severity: => Normal
Comment:
Here's a JS torbirdy patch that allows us to round the Date header down to
the nearest minute. It uses a custom Date header emitter that overrides
Thunderbird's default Date header emitter.
https://github.com/arthuredelstein/torbirdy/commit/6314
(Alternatively, we could use the custom emitter to cause the Date header
to be blank, randomized, rounded to the nearest hour, day, etc.)
This torbirdy patch should mean we won't need a patch for
https://bugzil.la/980573. Thanks to jcranmer for helping me understand the
Thunderbird logic.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6314#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list