[tbb-bugs] #31730 [Applications/Tor Browser]: Revert aarch64 fixup for ESR 60-based bundles with Tor Browser 9
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 17 10:30:45 UTC 2019
#31730: Revert aarch64 fixup for ESR 60-based bundles with Tor Browser 9
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status:
| needs_revision
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile, tbb-parity, | Actual Points:
TorBrowserTeam201910 tbb-9.0-must |
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by acat):
In the first version which I didn't push I was doing a similar thing,
reusing the function `read_setting_from_prefs`. I think I switched to just
checking the security level because I thought in any case it would be
possible to set these prefs to `true` without user wanting, and that it
would not be very likely that a user which did not change the security
level slider would have set `ion`, `baselinejit` and `native_regexp`
manually to `false`.
But I think the one you suggest is probably better here, it's on the safer
side. It's true that there could be the case that a user kept level 4 and
just flipped some of `media.webaudio.enabled`, `mathml.disabled`,
`gfx.font_rendering.opentype_svg.enabled` or `svg.disabled`, in which case
with the this fix we would wrongly keep `ion`, `baselinejit` or
`native_regexp` to `false` (with an unnecessary performance hit). But
given that no solution is perfect, I think it's better to prioritize
security over performance.
For both fixes, there's always the case that for a user who kept security
level to 4 and disabled `ion`, `baselinejit` or `native_regexp` we will be
wrongly enabling these. So I think in any case having some warning it's
good, not sure where. Probably somewhere in release notes and/or blog post
is enough.
So here is the revised fix:
https://github.com/acatarineu/torbutton/commit/31730+2
I'm also checking that the slider value is 4, to rule out cases where user
moved the security slider to < 3 but flipped some prefs in a way that
those have the same value as level 4 (very unlikely, but...).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31730#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list