[tor-bugs] #21862 [Applications/Tor Browser]: Make rust code in ESR 52 proxy safe

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 2 07:29:08 UTC 2017


#21862: Make rust code in ESR 52 proxy safe
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  closed
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must,              |  Actual Points:
  TorBrowserTeam201706R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:9 arthuredelstein]:
 > So it looks to me like this is patching a "third-party library", whereas
 we should probably be ripping out something considered to be "first-party"
 gecko code.
 >
 > Another option might be just to remove the whole third-party directory
 or even all rust files from the source code.

 I think that is a good reminder of what we need to think about once
 building Rust parts is mandatory as this is different from the way we
 handled a lot of our proxy-bypass-(in-depth)-defenses so far. I think just
 for the sake of having those calls out of esr52 the current approach still
 seems to be sufficient. And if you can't get the stuff even compiled right
 now, even better. :) Thus, I take it as-is.

 Applied to `tor-browser-52.1.1esr-7.0-1` and `tor-browser-52.1.0-7.0-2`
 (commit 78aa6185cd8d1d11e09495f6e4dc5cbc19e80cba and
 88c25c56d96f8fc0801359358d808f0d0e7d4b93) with a changed commit message
 pointing out that we probably need a more elaborate approach once we
 compile with Rust enabled.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21862#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list