[tor-bugs] #19417 [Applications/Tor Browser]: asm.js files should not be cached to disk in Tor Browser and no linkability risk (was: asm.js files should not be cached to disk in Tor Browser)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 20 10:26:21 UTC 2016 

#19417: asm.js files should not be cached to disk in Tor Browser and no linkability
risk
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
     Type:  defect                               |  team
 Priority:  High                                 |         Status:
Component:  Applications/Tor Browser             |  assigned
 Severity:  Major                                |      Milestone:
 Keywords:  tbb-disk-leak, tbb-linkability,      |        Version:
  GeorgKoppen201606, TorBrowserTeam201606        |     Resolution:
Parent ID:                                       |  Actual Points:
 Reviewer:                                       |         Points:
                                                 |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:  tbb-disk-leak, GeorgKoppen201606, TorBrowserTeam201606 =>
     tbb-disk-leak, tbb-linkability, GeorgKoppen201606,
     TorBrowserTeam201606
 * cc: arthuredelstein (added)


Old description:

> #19400 revealed that asm.js files are cached to disk which violates our
> no-disk-leaks requirement. The upstream bug is
> https://bugzilla.mozilla.org/show_bug.cgi?id=1047105.

New description:

 #19400 revealed that asm.js files are cached to disk which violates at
 least our no-disk-leaks requirement. The upstream bug is
 https://bugzilla.mozilla.org/show_bug.cgi?id=1047105.

--

Comment:

 After thinking about it more it seems to me there is the additional risk
 that this mechanism could be used to embed supercookies. Like, deliver JS
 to a user that contains an identifier -> get that into the asmjscache ->
 once this is loaded anywhere ping the identifier back.

 Looking at https://blog.mozilla.org/luke/2014/01/14/asm-js-aot-
 compilation-and-startup-performance/ does not rule that scenario out:
 {{{
 The cache entry is keyed on: the origin of the script, the source
 characters of the asm.js module, the type of CPU and its features, the
 Firefox build-id (which changes on every major or minor release).
 }}}
 Note this would be especially problematic for Tor Browser users as we are
 currently not changing the build-id.

 Not sure what "the origin of the script" means but I doubt "URL bar
 domain". It could mean as well that the asmjs cache is not caring about
 starting SOP either.

 Reading between the lines on that blog post it appears to me that there is
 indeed a way to disable this whole caching mechanism with:
 `javascript.options.parallel_parsing` set to `false`. It's worth
 investigating this closer I think.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19417#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list