[tor-bugs] #32002 [Applications/Tor Browser]: Double-check Storage Access API for disk leaks and 3rd party cookie blocking adherence

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 8 20:11:07 UTC 2019 

#32002: Double-check Storage Access API for disk leaks and 3rd party cookie
blocking adherence
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-disk-leak, TorBrowserTeam201910  |  Actual Points:
Parent ID:                                       |         Points:  0.2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Here comes the second part. Note, we are actually using content protection
 in the mode where we outright disable third party cookies (see #26345 for
 what we did).

 We are good here, too, as the code is ultimately checking the cookie pref
 in https://searchfox.org/mozilla-
 esr68/source/toolkit/components/antitracking/AntiTrackingCommon.cpp in the
 respective `IsFirstPartyStorageAccessGrantedFor()` methods and it is
 bailing out early in case we have `network.cookie.cookieBehavior` set to
 `1`
 {{{
   if (behavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
       behavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN) {
     // XXX For non-cookie forms of storage, we handle
 BEHAVIOR_LIMIT_FOREIGN by
     // simply rejecting the request to use the storage. In the future, if
 we
     // change the meaning of BEHAVIOR_LIMIT_FOREIGN to be one which makes
 sense
     // for non-cookie storage types, this may change.
     LOG(("Nothing more to do due to the behavior code %d",
 int(behavior)));
     *aRejectedReason =
 nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN;
     return false;
   }
 }}}
 (that's for both versions of this method where either a window or a
 channel is provided)
 `IsFirstPartyStorageAccessGrantedFor()` is ultimately called from a lot of
 places responsible for things like LocalStorage/SessionStorage and
 [https://searchfox.org/mozilla-esr68/source/dom/base/Document.cpp#3477
 Cookies].

 I am not sure about the principal case here yet.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32002#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list