[tor-bugs] #23745 [Applications/Tor Browser]: Tab crashes when using Tor Browser to access Google Drive
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 4 23:44:20 UTC 2017
#23745: Tab crashes when using Tor Browser to access Google Drive
-------------------------------------------------+-------------------------
 Reporter:  angelotheram2                        |          Owner:  tbb-team
     Type:  defect                               |         Status:  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-crash, tbb-e10s,                 |  Actual Points:
            TorBrowserTeam201710                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
I was able to reliably reproduce this crash and by bisecting our patches I
tracked it down to our indexedDB patch:
https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-52.4.0esr-7.5-1&id=31348e47a340494c4002b43d8fb509689f8f7e63
The work for this patch and its predecessor is at #21308 and #16528
respectively.
I also confirmed that if I set "dom.indexedDB.enabled" to true, the
browser no longer crashes. (Flipping this pref is not recommended for
users, because of privacy/tracking implications. I mention it only for
debugging purposes.)
gk observed that the crash is being caused by a block of code in
ActorsParent.cpp:
{{{
  if (principalInfo.type() != PrincipalInfo::TSystemPrincipalInfo &&
      NS_WARN_IF(!Preferences::GetBool(kPrefIndexedDBEnabled, false))) {
    if (aContentParent) {
      // The DOM in the other process should have kept us from receiving any
      // indexedDB messages so assume that the child is misbehaving.
      aContentParent->KillHard("IndexedDB CheckPermission 1");
    }
    return NS_ERROR_DOM_INDEXEDDB_NOT_ALLOWED_ERR;
  }
}}}
But this does not happen if "dom.indexedDB.enabled" is true. I have yet to
investigate why.
In the meantime, I am trying to work out what our strategy should be for
indexedDB.
* indexedDB is a supercookie vector and has not yet been patched to
respect first-party isolation in Tor Browser or Firefox.
* There is [https://bugzilla.mozilla.org/show_bug.cgi?id=781982 a Mozilla
ticket] for enabling a memory-only indexedDB in Firefox but this has not
been resolved. In other words, indexedDB always writes to disk.
* As [https://trac.torproject.org/projects/tor/ticket/16528#comment:7
mikperry pointed out], there wasn't a good way to programmatically clear
indexedDB databases. That issue may have been recently fixed in
[https://bugzilla.mozilla.org/show_bug.cgi?id=1047098 Firefox] and we
should investigate if we can use this in New Identity.
* In PBM, indexedDB is already effectively disabled, even when
"dom.indexedDB.enabled" is true.
* Modernizr was [https://github.com/Modernizr/Modernizr/pull/2030 updated]
a year ago to correctly detect the absence of indexedDB in Firefox PBM.
So here are my thoughts. We should of course continue to disable indexedDB
in PBM until it can be
[https://bugzilla.mozilla.org/show_bug.cgi?id=781982 memory-only],
[https://bugzilla.mozilla.org/show_bug.cgi?id=1047098 programmatically
cleared], and [https://bugzilla.mozilla.org/show_bug.cgi?id=1405884
isolated by first party].
There was a concern that some users might disable PBM and then New
Identity would fail to wipe indexedDB. Do we actually want to claim to
protect users who turn off PBM? That seems possibly out of scope to me. If
that's the case, it seems to me we can rely on indexedDB being disabled in
PBM by Firefox's built-in mechanism and drop the #21308 patch?
But if we want to protect non-PBM users, then we should investigate
whether New Identity can clear indexedDB (#23768). That ticket would be
useful in the future if we wanted to enable indexedDB in PBM as well.
If instead we want to ensure we have disabled indexedDB in non-PBM windows
as well, then I would suggest writing a new patch that simply stops
exposing indexedDB to content by modifying
[https://dxr.mozilla.org/mozilla-esr52/rev/8abd6da9603d45bb1e29994a480e10affbb8c7d8/dom/webidl/WindowOrWorkerGlobalScope.webidl#61
dom/webidl/WindowOrWorkerGlobalScope.webidl], so indexedDB is not exposed
when the pref "dom.indexedDB.enabled" is false.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23745#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
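As an added illustration of the Modernizr point and of the proposed WebIDL change in the comment above (example code written for this page, not from the ticket, from Firefox or from Modernizr): a feature probe that tells apart the three states a page can meet. Either the indexedDB property is not exposed on the global at all (what the WebIDL suggestion would produce), or it is exposed but open() throws synchronously (what Firefox private browsing did at the time, with an InvalidStateError), or open() returns a request. A naive `'indexedDB' in window` check reports the second state as available. The probe database name and the stand-in global objects are constructed for the example.

```javascript
// Added example, not from the ticket, Firefox or Modernizr: probe whether
// indexedDB is usable, distinguishing the three states the ticket discusses.
// The global object is passed in so the probe can run against constructed
// stand-ins as well as a real `window`.
const PROBE_DB_NAME = '__indexeddb_probe__'; // assumed name; any unused name works

function detectIndexedDB(globalObj) {
  // State 1: the property is not exposed at all (the WebIDL change proposed
  // in the comment above, or a very old engine).
  if (!globalObj || globalObj.indexedDB === undefined || globalObj.indexedDB === null) {
    return { usable: false, state: 'not-exposed' };
  }
  const idb = globalObj.indexedDB;
  if (typeof idb.open !== 'function') {
    return { usable: false, state: 'not-exposed' };
  }
  try {
    // State 3: open() returns a request. In a real browser it completes
    // asynchronously; on success we close and delete the probe database so
    // the probe leaves nothing on disk.
    const req = idb.open(PROBE_DB_NAME);
    if (!req || typeof req !== 'object') {
      return { usable: false, state: 'unexpected-return' };
    }
    req.onsuccess = function (ev) {
      const db = ev && ev.target && ev.target.result;
      if (db && typeof db.close === 'function') db.close();
      if (typeof idb.deleteDatabase === 'function') idb.deleteDatabase(PROBE_DB_NAME);
    };
    req.onerror = function () { /* nothing was created, nothing to clean up */ };
    return { usable: true, state: 'ok' };
  } catch (e) {
    // State 2: the property exists but open() throws synchronously. Firefox
    // private browsing raised InvalidStateError here; a plain
    // `'indexedDB' in window` check misreports this state as available.
    return { usable: false, state: 'throws:' + ((e && e.name) || 'Error') };
  }
}

// Constructed stand-ins for the three states (not real browser objects).
function makeDomException(name) {
  const err = new Error(name);
  err.name = name;
  return err;
}

const SAMPLE_GLOBALS = {
  notExposed: {},
  privateBrowsingLike: {
    indexedDB: { open() { throw makeDomException('InvalidStateError'); } },
  },
  workingLike: {
    indexedDB: {
      open(name) { return { name, onsuccess: null, onerror: null }; },
      deleteDatabase() { return {}; },
    },
  },
};

// Run the probe against every stand-in and return the results keyed by name.
function probeAll(globals) {
  const out = {};
  for (const key of Object.keys(globals)) out[key] = detectIndexedDB(globals[key]);
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(probeAll(SAMPLE_GLOBALS));
}
```

The probe only answers whether the API works for the page. It says nothing about whether what the page stores persists across sessions or is isolated per first party, which is the privacy question the comment is about: in a non-PBM Firefox window at the time of this ticket anything a site writes to indexedDB goes to disk, whatever the probe reports.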