[tbb-bugs] #21862 [Applications/Tor Browser]: Make rust code in ESR 52 proxy safe
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 2 07:29:08 UTC 2017
#21862: Make rust code in ESR 52 proxy safe
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: ff52-esr, tbb-7.0-must, | Actual Points:
TorBrowserTeam201706R |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Changes (by gk):
* status: needs_review => closed
* resolution: => fixed
Comment:
Replying to [comment:9 arthuredelstein]:
> So it looks to me like this is patching a "third-party library", whereas
we should probably be ripping out something considered to be "first-party"
gecko code.
>
> Another option might be just to remove the whole third-party directory
or even all rust files from the source code.
I think that is a good reminder of what we need to think about once
building Rust parts is mandatory as this is different from the way we
handled a lot of our proxy-bypass-(in-depth)-defenses so far. I think just
for the sake of having those calls out of esr52 the current approach still
seems to be sufficient. And if you can't get the stuff even compiled right
now, even better. :) Thus, I take it as-is.
Applied to `tor-browser-52.1.1esr-7.0-1` and `tor-browser-52.1.0-7.0-2`
(commit 78aa6185cd8d1d11e09495f6e4dc5cbc19e80cba and
88c25c56d96f8fc0801359358d808f0d0e7d4b93) with a changed commit message
pointing out that we probably need a more elaborate approach once we
compile with Rust enabled.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21862#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list