[tor-bugs] #31144 [Applications/Tor Browser]: ESR68 Network Code Review

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 10 09:32:23 UTC 2019 

#31144: ESR68 Network Code Review
-------------------------------------------------+-------------------------
 Reporter:  pili                                 |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  TorBrowserTeam201910, tbb-9.0        |  Actual Points:
  -alpha-must                                    |
Parent ID:                                       |         Points:  10
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:7 mikeperry]:
 > Ok, I'm wrapping this up. I have the following questions/observations
 first:
 > 1. ./devtools/shared/discovery/discovery.js uses UDP multicast for
 debugger discovery. This should only be local network, but maybe we should
 disable it anyway. Do we?

 It seems we disabled that via pref (see: comment:7:ticket:18546 and
 comment:10:ticket:16222). We should make sure this still works.

 > 2. ./dom/presentation/PresentationTCPSessionTransport.cpp seems to use
 TCP for app-to-app communication. Do we disable the DOM presentation
 stuff?

 We have #18862 for that Arthur checked back then that the prefs are
 disabling everything. They are still set to `false` for desktop. We had
 #22165 as well which got upstreamed meanwhile.

 I am not exactly sure what we did when Tor Browser on Android entered the
 picture. sysrqb: did you look at that?

 > 3. ./toolkit/modules/secondscreen/RokuApp.jsm also makes connections..
 ISTR disabling this? Is it off?

 I think it is. We had #16439 for that and are not including `RokuApp.jsm`
 and `SimpleServiceDiscovery.jsm` in our code (it's mobile only since
 https://bugzilla.mozilla.org/show_bug.cgi?id=1393582 landed and there even
 governed by a pref we set to `false`)

 > 4. For Rust, I found sendmsg and recvmsg only in mio and audioipc. I
 think this is fine? (I am asking about those two because Ritter's tool
 whitelisted them and I wanna double check).



 > 5. Otherwise has Ritter's network symbol tool been run on FF68ESR for
 Rust?

 I don't think so. I thought that would be a nice thing to do during the
 network code review.

 I leave the (other) mobile questions to sysrqb.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31144#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list