[tor-commits] [tor-browser-spec/master] Commit FF38 audit notes (incomplete).
mikeperry at torproject.org
mikeperry at torproject.org
Thu Jun 18 23:44:41 UTC 2015
commit 989c423b71698e85421c6a85a5855506cea530d5
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Thu Jun 18 15:56:54 2015 -0700
Commit FF38 audit notes (incomplete).
Still need to finish XPCOM socket auditing.
---
audits/FF38_NETWORK_AUDIT | 269 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 269 insertions(+)
diff --git a/audits/FF38_NETWORK_AUDIT b/audits/FF38_NETWORK_AUDIT
new file mode 100644
index 0000000..dfcdf8c
--- /dev/null
+++ b/audits/FF38_NETWORK_AUDIT
@@ -0,0 +1,269 @@
+Lowest level resolver calls:
+ + PR_GetHostByName
+ + ./profile/dirserviceprovider/src/nsProfileLock.cpp
+ + nsProfileLock::LockWithSymlink() looks up 127.0.0.1..
+ + XXX: Should we remove this? It seems kind of silly.
+ + ./nsprpub/pr/src/cplus/rcnetdb.cpp
+ + RCHostLookup::ByName()
+ + Not used
+ + ./security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+ + XXX: pkix_pl_Socket_CreateByName and pkix_pl_Socket_CreateByHostAndPort
+ + Patched
+ + ./security/nss/lib/certhigh/ocsp.c
+ + XXX: ocsp_ConnectToHost
+ + Patched
+ + PR_GetIPNodeByName
+ + Used by tests only
+ + PR_StringToNetAddr
+ + Passes AI_NUMERICHOST to getaddrinfo. No resolution.
+ + PR_GetAddrInfoByName
+ + ./security/nss/cmd/ usage (NSS cli commands only)
+ + ./netwerk/dns/GetAddrInfo.cpp
+ + ./netwerk/dns/nsHostResolver.cpp
+ + nsHostResolver::ResolveHost() is entrypoint
+ + nsHostResolver::ThreadFunc() will resolve without SOCKS
+ + Only used by nsDNSService2
+
+Direct paths to DNS resolution:
+ + nsDNSService::Resolve
+ + nsDNSService::AsyncResolve
+ + Patched for safety
+ + nsHostResolver::ResolveHost
+ + Only used by nsDNSService
+
+Misc UDP (SOCK_DGRAM, PR_DESC_SOCKET_UDP):
+ + PR_DESC_SOCKET_UDP
+ + ./nsprpub/pr/src/md/os2/os2io.c
+ + ./nsprpub/pr/src/cplus/rcio.h
+ + RCFileIO (not used)
+ + RCNetStreamIO (not used)
+ + ./nsprpub/pr/src/io/prsocket.c
+ + PR_GetUDPMethods
+ + ./nsprpub/pr/src/misc/prinit.c
+ + PR_GetInheritedFD
+ + ./nsprpub/pr/src/pthreads/ptio.c
+ + SOCK_DGRAM
+ + Android junk (not relevant):
+ + ./other-licenses/android/res_send.c
+ + ./other-licenses/android/res_init.c
+ + ./other-licenses/android/getaddrinfo.c
+ + ./hal/gonk/UeventPoller.cpp
+ + netlink stuff
+ + ./ipc/chromium/src/third_party/libevent/evdns.c
+ + evdns is unused
+ + ./ipc/chromium/src/third_party/libevent/evutil.c
+ + interface checking functions. Unused.
+ + ./media/webrtc/*
+ + Disabled
+ + ./media/mtransport/third_party/nICEr/src/stun/addrs.c
+ + boils down to NrIceCtx::StartGathering
+ + Used only for PeerConnection, which we disable
+ + SCTP is only enabled with WEBRTC (see configure.in, netwerk/moz.build, and ./dom/base/moz.build)
+ + ./netwerk/sctp/src/netinet/sctputil.c
+ + ./netwerk/sctp/src/netinet/sctp_userspace.c
+ + ./netwerk/sctp/src/netinet/sctp_pcb.c
+ + ./netwerk/sctp/src/ifaddrs_android.cpp
+ + ./netwerk/sctp/src/user_recv_thread.c
+ + ./netwerk/wifi/nsWifiScannerFreeBSD.cpp
+ + GeoIP stuff. Is disabled.
+ + ./nsprpub/pr/src/io/prsocket.c
+ + PR_NewUDPSocket
+ + PR_OpenUDPSocket
+ + PR_Socket
+ + ./nsprpub/pr/src/pthreads/ptio.c
+ + PR_NewUDPSocket
+ + ./media/mtransport/nr_socket_prsock.cpp
+ + Disabled with WebRTC
+ + PR_OpenUDPSocket
+ + RTSP is only on Android (see configure.in, pref: media.rtsp.enabled):
+ + ./netwerk/protocol/rtsp/rtsp/ARTPSession.cpp
+ + ./netwerk/protocol/rtsp/rtsp/ARTPConnection.cpp
+ + ./netwerk/protocol/rtsp/rtsp/ARTPWriter.cpp
+ + ./netwerk/protocol/rtsp/rtsp/UDPPusher.cpp
+ + ./netwerk/base/src/Tickler.cpp
+ + Sends UDP packets to DHCP gateway, but only on android
+ + ./netwerk/socket/nsUDPSocketProvider.cpp
+ + NewSocket(). Unused.
+ + ./netwerk/base/src/ProxyAutoConfig.cpp
+ + We don't use PAC.
+ + ./netwerk/base/src/nsUDPSocket.cpp
+ + Unused except for nsUDPSocketProvider
+ + PR_ImportUDPSocket
+ + Only called if NSPR_INHERIT_FDS in environment
+
+Misc TCP (SOCK_STREAM, PR_DESC_SOCKET_TCP):
+ + PR_DESC_SOCKET_TCP
+ + ./nsprpub/pr/src/md/os2/os2io.c
+ + OS/2 only
+ + ./nsprpub/pr/src/cplus/rcio.h
+ + RCFileIO (not used)
+ + RCNetStreamIO (not used)
+ + ./nsprpub/pr/src/io/pripv6.c
+ + Underlying wrapper for PR_Socket
+ + ./nsprpub/pr/src/io/prsocket.c
+ + ./nsprpub/pr/src/misc/prinit.c
+ + ./nsprpub/pr/src/pthreads/ptio.c
+ + ./netwerk/base/src/nsSocketTransportService2.cpp
+ + SOCK_STREAM
+ + ./dom/bluetooth/bluez/BluetoothUnixSocketConnector.cpp
+ + bluetooth sockets only
+ + ./dom/system/gonk/VolumeManager.cpp
+ + local only
+ + ./ipc/chromium/src/chrome/common/ipc_channel_posix.cc
+ + AF_UNIX/local only
+ + ./ipc/chromium/src/third_party/libevent/event.c
+ + ./ipc/chromium/src/third_party/libevent/evutil.c
+ + ./ipc/chromium/src/third_party/libevent/listener.c
+ + ./ipc/chromium/src/third_party/libevent/bufferevent_sock.c
+ + ./ipc/chromium/src/third_party/libevent/signal.c
+ + ./ipc/chromium/src/third_party/libevent/http.c
+ + ./ipc/chromium/src/third_party/libevent/event_iocp.c
+ + ./ipc/keystore/KeyStore.cpp
+ + AF_LOCAL only
+ + ./ipc/nfc/Nfc.cpp
+ + local/loopback only
+ + ./ipc/ril/Ril.cpp
+ + local/loopback only
+ + ./ipc/netd/Netd.cpp
+ + local only
+ + ./media/webrtc/* - disabled
+ + ./netwerk/dns/GetAddrInfo.cpp
+ + Only available through dns service
+ + ./mozglue/build/Nuwa.cpp
+ + Unix sockets only
+ + ./nsprpub/pr/src/misc/prnetdb.c
+ + RTSP and SCTP are disabled if WebRTC is compiled out
+ + ./netwerk/protocol/rtsp/rtsp/ARTSPConnection.cpp
+ + ./netwerk/sctp/src/netinet/sctp_pcb.c
+ + ./netwerk/sctp/src/user_socket.c
+ + ./netwerk/sctp/datachannel/DataChannel.cpp
+ + Android stuff: disabled
+ + ./other-licenses/android/res_send.c
+ + ./other-licenses/android/getaddrinfo.c
+ + ./nsprpub/pr/src/md/windows/ntio.c
+ + ./nsprpub/pr/src/cplus/rcnetio.cpp
+ + ./nsprpub/pr/src/io/prsocket.c
+ + ./nsprpub/pr/src/misc/prnetdb.c
+ + ./nsprpub/pr/src/pthreads/ptio.c
+ + ./toolkit/crashreporter/google-breakpad/src/client/linux/crash_generation/crash_generation_client.cc
+ + AF_UNIX socket..
+ + PR_NewTCPSocket
+ + ./nsprpub/pr/src/cplus/rcnetio.cpp
+ + ./nsprpub/pr/src/io/prpolevt.c
+ + ./media/mtransport/nr_socket_prsock.cpp
+ + WebRTC only
+ + ./security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+ + pkix_pl_Socket_CreateClient
+ + pkix_pl_Socket_CreateByHostAndPort and pkix_pl_Socket_CreateByName
+ and pkix_pl_Socket_Create
+ + PKIX_PL_LdapDefaultClient_Create is unused. Other two noted above.
+ + Patched in pkix_pl_Socket_Create anyway.
+ + ./security/nss/lib/certhigh/ocsp.c
+ + ocsp_ConnectToHost. Patched for Defense in Depth
+ + PR_OpenTCPSocket
+ + ./security/manager/ssl/src/nsNSSIOLayer.cpp
+ + nsSSLIOLayerNewSocket
+ + ./security/manager/ssl/src/nsTLSSocketProvider.cpp
+ + nsTLSSocketProvider::NewSocket
+ + ./security/manager/ssl/src/nsSSLSocketProvider.cpp
+ + nsSSLSocketProvider::NewSocket (nsISocketProvider)
+ + nsISocketProvider.newSocket
+ + used with proxy settings (and only in nsSocketTransport::BuildSocket)
+ + ./netwerk/socket/nsSOCKSIOLayer.cpp
+ + ./netwerk/socket/nsSOCKSSocketProvider.cpp
+ + ./netwerk/base/src/nsSocketTransportService2.cpp
+ + ./netwerk/base/src/nsSocketTransport2.cpp
+ + ./netwerk/base/src/nsServerSocket.cpp
+ + PR_ImportTCPSocket
+
+Misc PR_Socket:
+ + ./nsprpub/pr/src/io/prmapopt.c
+ + ./nsprpub/pr/src/cplus/rcnetio.cpp
+ + RCNetStreamIO::RCNetStreamIO
+
+Misc XPCOM:
+ + *SocketProvider
+ + newSocket
+ + ./netwerk/base/src/nsSocketTransport2.cpp:
+ + used with proxy settings
+ + addToSocket
+ + @mozilla.org/*/udp-socket (grep for udp-socket)
+ + dom/push/PushService.jsm:
+ + WTF. _listenForUDPWakeup!!!
+ + Controlled by pref services.push.udp.wakeupEnabled
+ + And also services.push.enabled
+ + Currently false
+ + XXX: Verify false on android and in the future!
+ + dom/network/UDPSocket.cpp:
+ + dom.udpsocket.enabled prefs this off
+ + XXX: Watch this in the future!
+ + dom/apps/PermissionsTable.jsm
+ + dom/webidl/SocketCommon.webidl
+ + dom/webidl/UDPSocket.webidl
+ + layout/build/nsLayoutModule.cpp
+ + ./netwerk/build/nsNetCID.h
+ + NS_SOCKETTRANSPORTSERVICE_*
+ + Proxied if TCP
+ + Udp limited to mtransport and webrtc
+ + NS_UDPSOCKET_*
+ - toolkit/devtools/discovery/discovery.js
+ - XXX: Wtf is this thing?
+ - Part of "WebIDE", but seemingly not enabled until FF39?
+ - toolkit/modules/secondscreen/SimpleServiceDiscovery.jsm
+ - XXX: wtf is this thing?
+ + @mozilla.org/*/tcp-socket-* (grep for tcp-socket)
+ - ./toolkit/modules/secondscreen/RokuApp.jsm
+ - XXX: Android-only? But def proxy-bypass
+ + ./netwerk/protocol/rtsp/ (disabled)
+ - ./dom/network/TCPSocket.js
+ - XXX: possibly exposed via navigator.mozTCPSocket.. dom.mozTCPSocket.enabled pref control.. Android/FxOS only?
+ - https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mozTCPSocket
+ - ./dom/network/TCPSocket.manifest
+ + ./dom/apps/tests/marketplace/marketplace_privileged_app.webapp
+ + ./dom/apps/PermissionsTable.jsm
+ - ./browser/extensions/shumway/chrome/RtmpUtils.jsm
+ - XXX: shumway.rtmp.enabled governs usage of createSocket
+ - ./browser/extensions/shumway/chrome/viewerWrapper.js
+ - ./browser/extensions/shumway/chrome/content.js
+ - ./browser/extensions/shumway/content/shumway.player.js can also use
+ mozTCPSocket
+ + ./layout/build/nsLayoutModule.cpp
+ - @mozilla.org/network/*socket* (grep -R "@mozilla.org/network/" . | grep socket | grep -v udp-socket)
+ + ./addon-sdk/source/lib/sdk/io/stream.js
+ + Addon APIs
+ + ./dom/ipc/preload.js
+ + ./dom/network/TCPServerSocket.js
+ - ./mobile/android/chrome/content/WebappRT.js
+ - Debugger?
+ - XXX: Pretty sure this is only for 'webapps', but it sets some scary
+ prefs that might impact other browser operation if an app is
+ installed?
+ + ./netwerk/build/nsNetCID.h
+ - Debugger stuff
+ - XXX: Has several prefs:
+ - devtools.debugger.enabled?
+ - devtools.debugger.remote-enabled
+ - devtools.debugger.force-local
+ - devtools.remote.tls-handshake-timeout
+ - ./toolkit/devtools/server/main.js
+ - ./toolkit/devtools/client/connection-manager.js
+ - ./toolkit/devtools/server/main.js
+ - ./toolkit/devtools/client/dbg-client.jsm
+ - ./toolkit/devtools/security/socket.js
+ - ./toolkit/modules/Sntp.jsm
+ - B2G ntp
+ - ./toolkit/xre/nsAppRunner.cpp
+ - createTransport()
+ + ./netwerk/protocol/http/nsHttpConnectionMgr.cpp
+ + ./netwerk/protocol/ftp/nsFtpConnectionThread.cpp
+ + ./netwerk/protocol/ftp/nsFtpControlConnection.cpp
+
+- Misc XPCOM Contract-ID/CID defines:
+ - NS_*SOCKET*_C should get them all (grep -R "NS_" | grep SOCKET | grep "_C")
+
++ Gstreamer
+ + ./dom/media/gstreamer/GStreamerDecoder.cpp
+ + Uses ChannelMediaResource underneath, and ultimately an nsIChannel
+ + Only exception seems to be if an RtspMediaResource could be used,
+ but this appears to be FxOS-only.
+ + XXX: Note for FxOS tor support. This may be an issue.
More information about the tor-commits
mailing list