[tor-bugs] #31144 [Applications/Tor Browser]: ESR68 Network Code Review
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 10 09:32:23 UTC 2019
#31144: ESR68 Network Code Review
-------------------------------------------------+-------------------------
Reporter: pili | Owner: tbb-
| team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201910, tbb-9.0 | Actual Points:
-alpha-must |
Parent ID: | Points: 10
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:7 mikeperry]:
> Ok, I'm wrapping this up. I have the following questions/observations
first:
> 1. ./devtools/shared/discovery/discovery.js uses UDP multicast for
debugger discovery. This should only be local network, but maybe we should
disable it anyway. Do we?
It seems we disabled that via pref (see: comment:7:ticket:18546 and
comment:10:ticket:16222). We should make sure this still works.
> 2. ./dom/presentation/PresentationTCPSessionTransport.cpp seems to use
TCP for app-to-app communication. Do we disable the DOM presentation
stuff?
We have #18862 for that Arthur checked back then that the prefs are
disabling everything. They are still set to `false` for desktop. We had
#22165 as well which got upstreamed meanwhile.
I am not exactly sure what we did when Tor Browser on Android entered the
picture. sysrqb: did you look at that?
> 3. ./toolkit/modules/secondscreen/RokuApp.jsm also makes connections..
ISTR disabling this? Is it off?
I think it is. We had #16439 for that and are not including `RokuApp.jsm`
and `SimpleServiceDiscovery.jsm` in our code (it's mobile only since
https://bugzilla.mozilla.org/show_bug.cgi?id=1393582 landed and there even
governed by a pref we set to `false`)
> 4. For Rust, I found sendmsg and recvmsg only in mio and audioipc. I
think this is fine? (I am asking about those two because Ritter's tool
whitelisted them and I wanna double check).
> 5. Otherwise has Ritter's network symbol tool been run on FF68ESR for
Rust?
I don't think so. I thought that would be a nice thing to do during the
network code review.
I leave the (other) mobile questions to sysrqb.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31144#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list