[tor-bugs] #19478 [Applications/Tor Browser]: File API leaks ms-resolution time
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 27 20:02:59 UTC 2016
#19478: File API leaks ms-resolution time
-------------------------------------------------+-------------------------
Reporter: arthuredelstein | Owner:
Type: defect | arthuredelstein
Priority: Medium | Status:
Component: Applications/Tor Browser | needs_review
Severity: Normal | Milestone:
Keywords: tbb-fingerprinting, | Version:
TorBrowserTeam201606R | Resolution:
Parent ID: | Actual Points:
Reviewer: | Points:
| Sponsor:
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
Replying to [comment:6 mcs]:
> Replying to [comment:4 gk]:
> > Hm. `new Date.getTime()` gives me something like 1467036079100 and
`Math.floor(new File([], "").lastModified / 100000) * 100000)`
1467036100000 or 1467036400000 or something similar. It seems your code is
not rounding to 100ms?
>
> The units for mLastModificationDate are microseconds, so part of the
patch will need to be changed.
Thanks everyone for having a look at this patch. I used 100000 exactly
because that mLastModificationDate variable is in microseconds, so my
feeling is the patch is correct. What part do you have in mind that needs
to be changed?
Here are relevant lines from the mochitest on OS X. I think it is
correctly rounding to the most recent 100 ms.
{{{
7 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new
Date().getTime()' should be rounded to nearest 100 ms; saw 1467057044400
[snip]
13 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new File([],
"").lastModified' should be rounded to nearest 100 ms; saw 1467057044500
14 INFO TEST-PASS | tbb-tests/test_tor_bug1517.html | 'new File([],
"").lastModifiedDate.getTime()' should be rounded to nearest 100 ms; saw
1467057044500
}}}
> I am not sure how to fix the tests to detect when values are rounded too
much. Maybe by using a real file with a known modified date?
If we bind this behavior to a pref (perhaps in the upstreamed version) and
then measure the same value with pref on and off, it should be possible to
test that the two values are within 100 ms. But since we don't have that
pref right now, I would be inclined to just do manual tests for now.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19478#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list