[tor-commits] [torbutton/maint-1.9.6] Bug 21396: Allow leaking of resource/chrome URIs
gk at torproject.org
gk at torproject.org
Wed Mar 1 20:59:06 UTC 2017
commit fc00aef1fd552784dfca72dcdbb78e72e2f9932e
Author: Georg Koppen <gk at torproject.org>
Date: Wed Mar 1 20:55:34 2017 +0000
Bug 21396: Allow leaking of resource/chrome URIs
Our work around for https://bugzilla.mozilla.org/show_bug.cgi?id=863246
is filtering content requests to resource:// and chrome:// URIs in a way
that neuters this fingerprinting vector while not breaking standard Tor
Browser functionality.
However, there are extensions like Session Manager that are broken with
this strategy. Users who think having extensions like that one working
is much more important than avoiding the possible information leakage
associated with that get a preference they can toggle now.
'extensions.torbutton.resource_and_chrome_uri_fingerprinting' is by
default 'false' but setting it to 'true' effectively disables our
defense we developed in #8725 and related bugs.
---
src/components/content-policy.js | 18 +++++++++++++++---
src/defaults/preferences/preferences.js | 1 +
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/components/content-policy.js b/src/components/content-policy.js
index 5c0ecf5..b11c4e7 100644
--- a/src/components/content-policy.js
+++ b/src/components/content-policy.js
@@ -12,8 +12,16 @@ const Cc = Components.classes, Ci = Components.interfaces, Cu = Components.utils
// Import XPCOMUtils object.
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+let { bindPrefAndInit } =
+ Cu.import("resource://torbutton/modules/utils.js", {});
-function ContentPolicy() {}
+function ContentPolicy() {
+ this.uriFingerprinting = null;
+ bindPrefAndInit("extensions.torbutton.resource_and_chrome_uri_fingerprinting",
+ function (enabled) {
+ this.uriFingerprinting = enabled;
+ });
+}
ContentPolicy.prototype = {
classDescription: "ContentPolicy",
@@ -44,9 +52,13 @@ ContentPolicy.prototype = {
shouldLoad: function(aContentType, aContentLocation, aRequestOrigin, aContext, aMimeTypeGuess, aExtra) {
- // Accept if no content URI or scheme is not a resource/chrome.
- if (!aContentLocation || !(aContentLocation.schemeIs('resource') || aContentLocation.schemeIs('chrome')))
+ // Accept if the user does not care, no content URI is available or scheme
+ // is not resource/chrome.
+ if (this.uriFingerprinting || !aContentLocation ||
+ !(aContentLocation.schemeIs('resource') ||
+ aContentLocation.schemeIs('chrome'))) {
return Ci.nsIContentPolicy.ACCEPT;
+ }
// Accept if no origin URI or if origin scheme is chrome/resource/about.
if (!aRequestOrigin || aRequestOrigin.schemeIs('resource') || aRequestOrigin.schemeIs('chrome') || aRequestOrigin.schemeIs('about'))
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index a8eea21..d91fd77 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -39,6 +39,7 @@ pref("extensions.torbutton.startup_state", 2); // 0=non-tor, 1=tor, 2=last
pref("extensions.torbutton.tor_memory_jar",false);
pref("extensions.torbutton.nontor_memory_jar",false);
pref("extensions.torbutton.launch_warning",true);
+pref("extensions.torbutton.resource_and_chrome_uri_fingerprinting",false);
// Opt out of Firefox addon pings:
// https://developer.mozilla.org/en/Addons/Working_with_AMO
pref("extensions.torbutton at torproject.org.getAddons.cache.enabled", false);
More information about the tor-commits
mailing list