[tor-commits] [tor-browser-spec/master] FF45 network audit notes w/ finished XPCOM review.
mikeperry at torproject.org
Fri Apr 22 01:45:27 UTC 2016
commit 4e1a7e2cb23a9f6b7f33bf460f48571e771e951b
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Thu Apr 21 18:46:04 2016 -0700
FF45 network audit notes w/ finished XPCOM review.
---
audits/FF45_NETWORK_AUDIT | 94 +++++++++++++++++++++++++----------------------
1 file changed, 51 insertions(+), 43 deletions(-)
diff --git a/audits/FF45_NETWORK_AUDIT b/audits/FF45_NETWORK_AUDIT
index a11efc9..7f3169a 100644
--- a/audits/FF45_NETWORK_AUDIT
+++ b/audits/FF45_NETWORK_AUDIT
@@ -314,30 +314,35 @@ Misc XPCOM:
+ ./layout/build/nsLayoutModule.cpp
- @mozilla.org/network/*socket* (grep -R "@mozilla.org/network/" . | grep socket | grep -v udp-socket)
- - ./dom/presentation/provider/TCPPresentationServer.js
- - XXX: Server-side listening socket? MDN docs indicate the Presentation
+ + ./dom/network/TCPSocket.cpp
+ + Already checked
+ + ./netwerk/build/nsNetCID.h
+ + ./dom/presentation/provider/TCPPresentationServer.js
+ + XXX: Server-side listening socket? MDN docs indicate the Presentation
stuff is not live yet
- - ./dom/ipc/preload.js
- - ./netwerk/protocol/websocket/WebSocketChannel.cpp
- - ./devtools/shared/security/socket.js
- - ./mobile/android/chrome/content/WebappRT.js
- - ./browser/extensions/loop/chrome/content/modules/MozLoopPushHandler.jsm
- - ./toolkit/modules/Sntp.jsm
- - ./toolkit/modules/secondscreen/RokuApp.jsm
- - ./toolkit/xre/nsAppRunner.cpp
-
- + ./addon-sdk/source/lib/sdk/io/stream.js
- + Addon APIs
+ + https://developer.mozilla.org/en-US/docs/Web/API/Presentation
+ + dom.presentation.enabled is currently false
+ - ./dom/network/TCPServerSocket.cpp
+ - ServerSocket:
+ - Presentation server (disabled)
+ - Android stuff: XXX:
+ - ./dom/media/android/AndroidMediaResourceServer.cpp
+ - ./build/mobile/sutagent/android/
+ - ./gfx/layers/LayerScope.cpp
+ - is this e10s multiprocess stuff?
+ + ./dom/push/PushServiceWebSocket.jsm
+ ./dom/ipc/preload.js
- + ./dom/network/TCPServerSocket.js
- - ./mobile/android/chrome/content/WebappRT.js
- - Debugger?
- - XXX: Pretty sure this is only for 'webapps', but it sets some scary
- prefs that might impact other browser operation if an app is
- installed?
- + ./netwerk/build/nsNetCID.h
+ + ./netwerk/protocol/websocket/WebSocketChannel.cpp
+ + ./netwerk/protocol/websocket/WebSocketChannelParent.cpp
+ + ./services/sync/tps/extensions/mozmill/resource/stdlib/httpd.js
+ + ./browser/extensions/loop/chrome/content/modules/MozLoopPushHandler.jsm
+ + ./toolkit/modules/Sntp.jsm
+ + FxOS only
+ + ./toolkit/modules/secondscreen/RokuApp.jsm
+ + Disabled already
+ + ./toolkit/xre/nsAppRunner.cpp
- Debugger stuff
- - XXX: Has several prefs:
+ - XXX: Has several prefs: Verify we set these
- devtools.webide.enabled
- devtools.debugger.enabled?
- devtools.debugger.remote-enabled
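Review bot: The new "Android stuff: XXX:" entry under ServerSocket leaves its XXX empty, so a reader cannot tell what is still unchecked for ./dom/media/android/AndroidMediaResourceServer.cpp and ./build/mobile/sutagent/android/. State the open question there, as the LayerScope.cpp entry does with "is this e10s multiprocess stuff?". The same applies to "XXX: Has several prefs: Verify we set these": record the value each listed devtools pref is expected to have, so the check can be repeated in a later audit.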
@@ -347,12 +352,16 @@ Misc XPCOM:
- ./toolkit/devtools/client/connection-manager.js
- ./toolkit/devtools/client/dbg-client.jsm
- ./toolkit/devtools/security/socket.js
- - ./toolkit/modules/Sntp.jsm
- - B2G ntp
- - ./toolkit/xre/nsAppRunner.cpp
+ - ./devtools/shared/security/auth.js
+ - ./mobile/android/chrome/content/WebappRT.js
+ - Debugger?
+ - XXX: Pretty sure this is only for 'webapps', but it sets some scary
+ prefs that might impact other browser operation if an app is
+ installed?
+ createTransport()
- - ./netwerk/base/Dashboard.cpp
- -XXX: What the hell is this?
+ + ./netwerk/base/Dashboard.cpp
+ + The only problematic function seems to be requestConnection, used
+ only by tests.
+ Found earlier:
+ ./toolkit/devtools/security/socket.js:
+ ./toolkit/modules/Sntp.jsm:
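Review bot: The ./netwerk/base/Dashboard.cpp entry is flipped from an open "-" item to a cleared "+" item on the strength of "seems to be requestConnection, used only by tests", which is hedged. Note how the callers were established (the file records its grep commands for other items) so the "+" can be rechecked. The WebappRT.js entry moved into this list still carries its XXX about prefs that might affect other browser operation if an app is installed, so it remains an open item.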
@@ -363,32 +372,31 @@ Misc XPCOM:
- Misc XPCOM Contract-ID/CID defines:
- NS_*SOCKET*_C should get them all (grep -R "NS_" | grep SOCKET | grep "_C")
- + WebRTC and mtransport (disabled)
+ + WebRTC and mtransport (disabled)a
+ + dom/bluetooth/bluedroid/BluetoothDaemonInterface.cpp (B2G)
+ + dom/presentation/PresentationSessionTransport.cpp
+ + pref dom.presentation.*
+ + dom/media/bridge/MediaModule.cpp
+ + Compiled out by webrtc
+ + netwerk/base/nsIOService.cpp
+ + netwerk/standalone/nsNetModuleStandalone.cpp
+ + netwerk/sctp/datachannel/DataChannel.cpp
+ + Disabled with Webrtc
+ + security/manager/ssl/SSLServerCertVerification.cpp
+ + security/manager/ssl/SharedSSLState.cpp:
+ + Webrtc stuff (disabled)
+ + mtransport stuff (disabled)
- gfx/layers/LayerScope.cpp
- - XXX
-
- + NS_SOCKETTRANSPORTSERVICE_*
- + Proxied if TCP
- + Udp limited to mtransport and webrtc
- + NS_UDPSOCKET_*
-
+ - XXX: e10s?
+ netwerk/protocol/websocket/WebSocketChannel.cpp:
+ netwerk/protocol/http/nsHttpHandler.cpp:
+ netwerk/protocol/http/nsHttpConnectionMgr.cpp:
+ netwerk/protocol/http/TunnelUtils.cpp:
+ netwerk/protocol/ftp/nsFtpConnectionThread.cpp:
+ netwerk/protocol/ftp/nsFtpControlConnection.cpp
- + netwerk/base/nsIOService.cpp:
- + dom/media/bridge/MediaModule.cpp
- + Compiled out by webrtc
- + dom/workers/ServiceWorkerEvents.cpp:
- + dom/bluetooth2/bluedroid/BluetoothDaemonInterface.cpp
- + b2g only
- + security/manager/ssl/src/SSLServerCertVerification.cpp:
+ security/manager/ssl/src/nsNSSCallbacks.cpp:
+ security/manager/ssl/src/nsNSSModule.cpp:
+ security/manager/ssl/src/nsTLSSocketProvider.cpp:
- + security/manager/ssl/src/SharedSSLState.cpp:
+ Gstreamer
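Review bot: The removal of the NS_SOCKETTRANSPORTSERVICE_* and NS_UDPSOCKET_* block drops the two conclusions "Proxied if TCP" and "Udp limited to mtransport and webrtc" with nothing replacing them in this hunk. Keep them, or restate them next to the new file entries, since they record why those contract IDs were marked as checked. Also in this hunk: "WebRTC and mtransport (disabled)a" has a stray trailing "a", the LayerScope.cpp item is still open ("XXX: e10s?"), and the added entries use security/manager/ssl/ while the unchanged nsNSSCallbacks.cpp, nsNSSModule.cpp and nsTLSSocketProvider.cpp lines still use security/manager/ssl/src/, so one set of paths looks out of date.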
@@ -396,7 +404,7 @@ Misc XPCOM:
+ Uses ChannelMediaResource underneath, and ultimately an nsIChannel
+ Only exception seems to be if an RtspMediaResource could be used,
but this appears to be FxOS-only.
- + XXX: Note for FxOS tor support. This may be an issue.
+ - XXX: No, rtsp is now enabled for android!
Android Java calls:
+ Uses HttpURLConnection:
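Review bot: The added "XXX: No, rtsp is now enabled for android!" contradicts the unchanged sentence above it, "but this appears to be FxOS-only", which is left in place. Reword that sentence so the note does not assert both. Since the entry names RtspMediaResource as the one exception to going through an nsIChannel, add what follows from it being enabled on Android: whether it bypasses the proxy there and how it is to be disabled.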