[tor-bugs] #26553 [Applications/Tor Browser]: Sign our own extensions in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 9 06:35:36 UTC 2018
#26553: Sign our own extensions in Tor Browser
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr, tbb-security, | Actual Points:
GeorgKoppen201808, TorBrowserTeam201808 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by intrigeri):
We at Tails currently patch the add-on signature checking code (on top of
your current patch that adds a whitelist with `if (aAddon.id == […]` aka.
0714762d25415271191503903a9f2fb0627ca38d on the tor-
browser-60.1.0esr-8.0-1 branch) to add uBlock to the list. We've discussed
this on the https://lists.torproject.org/pipermail/tbb-
dev/2017-April/000515.html thread, where it seems that we (TBB team +
Tails) reached a tentative agreement to move the whitelist to a pref. But
so far we failed to write the corresponding code, sorry! FTR on Tails'
side this is tracked on https://labs.riseup.net/code/issues/12571.
It would be extremely helpful if the resolution for this ticket made
things better for us (e.g. keep that patch and create a pref with the list
of allowed unsigned add-ons, empty by default for TBB, where we would add
uBlock) instead of worse. Things would get worse for us if the code that
adds a whitelist with `if (aAddon.id == […]` was fully removed: then we
would need to carry it as part of Tails delta, which is quite ugly and
painful.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26553#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list