[tor-commits] [tor-browser-spec/master] Add FF52 network audit notes.
mikeperry at torproject.org
mikeperry at torproject.org
Tue Apr 4 19:38:37 UTC 2017
commit dd20750a191dd042b6e5744e723968e15b72ecaa
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Tue Apr 4 15:38:22 2017 -0400
Add FF52 network audit notes.
---
audits/FF52_NETWORK_AUDIT | 184 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 184 insertions(+)
diff --git a/audits/FF52_NETWORK_AUDIT b/audits/FF52_NETWORK_AUDIT
new file mode 100644
index 0000000..a249f50
--- /dev/null
+++ b/audits/FF52_NETWORK_AUDIT
@@ -0,0 +1,184 @@
+Lowest level resolver calls:
+ + PR_GetHostByName
+ + security/nss/cmd/libpkix/pkix_pl/pki/test_socket.c (just tests)
+ + security/nss/cmd/vfyserv/vfyserv.c (test)
+ - security/nss/lib/certhigh/ocsp.c
+ + ./netwerk/protocol/rtsp/rtsp/RTSPConnectionHandler.h
+ - MOZ_RTSP -> Only on android. XXX: Verify disabled
+ + ./netwerk/protocol/rtsp/rtsp/ARTSPConnection.cpp
+ - MOZ_RTSP -> Only on android. XXX: Verify disabled
+ + ./security/nss/lib/certhigh/ocsp.c:
+ - Patched (XXX: Verify application)
+ + ./security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+ + pkix_pl_Socket_CreateByName()
+ - Patched (XXX: Verify application)
+ + pkix_pl_Socket_CreateByHostAndPort()
+ - Patched (XXX: Verify application)
+ - ./toolkit/profile/nsProfileLock.cpp
+ - nsProfileLock::LockWithSymlink() looks up 127.0.0.1..
+ - XXX: verify patch
+ - Verify DNS patch (esp with e10s)
+ + PR_GetAddrInfoByName
+ + PR_GetIPNodeByName
+
+UDPSockets
++ security/nss/cmd/certutil/certext.c
+
+FlyWeb: XXX: Disable?? Might be off already. Seems incomplete.
+ - dom/flyweb/FlyWebService.cpp
+ - https://wiki.mozilla.org/FlyWeb
+
+MDNS: (./netwerk/dns/mdns/libmdns/) verify againXXX
+ - @mozilla.org/toolkit/components/mdnsresponder/dns-sd;1
+ - DNSSERVICEDISCOVERY_CONTRACT_ID
+ - ./dom/presentation/provider/MulticastDNSDeviceProvider.cpp
+ - XXX-old: Presentation API?
+ https://developer.mozilla.org/en-US/docs/Web/API/Presentation_API
+ - DNSSERVICEINFO_CONTRACT_ID
+ - ./dom/presentation/provider/MulticastDNSDeviceProvider.cpp
+ - @mozilla.org/toolkit/components/mdnsresponder/dns-info;1
+
+Direct paths to DNS resolution:
+ + nsHostResolver::ResolveHost
+ + Only used by nsDNSService
+ + nsDNSService::Resolve
+ - Patched for safety (XXX: Verify application)
+ + nsDNSService::AsyncResolve
+ - Patched for safety (XXX: Verify application)
+ - ChildDNSService::AsyncResolve and ChildDNSService::Resolve
+ - Possibly only active if MOZILLA_XPCOMRT_API is defined.. But it seems to
+ be.
+ - ./netwerk/dns/ChildDNSService.cpp
+ - XXX: Should patch AsyncResolve and Resolve here, as we do in
+ nsDNSService.
+ - XXX: New parent/child interfaces DNSRequestParent and DNSRequestChild
+ + ./netwerk/ipc/NeckoParent.cpp
+ + Calls into DNS service via DNSRequestParent::DoAsyncResolve()
+ + ./netwerk/ipc/NeckoChild.cpp
+
+XXX Strange things doing DNS:
+ - mtransport (media/mtransport/test/ice_unittest.cpp)
+ - XXX Bleh rolls its own Resolve() using getaddirinfo (not PR_GetAddrInfo)
+ - Pretty sure is disabled.
+ - XXX: StreamingListener::SocketWriter::MakeConnection goes getaddrinfo()
+ - Pretty sure this is just a unit test though.
+ + third_party/rust/libc/src/unix/mod.rs (exports but doens't use getaddrinfo)
+
+SOCK_:
+ - netwerk/base/NetworkInfoServiceCocoa.cpp (SOCK_DGRAM)
+ - netwerk/base/NetworkInfoServiceLinux.cpp
+ - Internal code, possibly for ICE?
+ - nsNetworkInfoService::ListNetworkAddresses
+ - XXX: Used by mDNS and the presentation API (dom/presentation/*)
+ + netwerk/sctp/datachannel/DataChannel.cpp
+ + Disabled via WebRTC
+ - StreamingListener::SocketWriter::MakeConnection
+ - Pretty sure this is just a unit test though.
+
+SOCKET_:
+ + devtools/shared/webconsole/network-monitor.js
+ + Just an observer
+ - dom/network/TCPSocketParent.cpp
+ - Probably OK. Disable via DOM prefs
+ - dom/network/UDPSocketParent.cpp
+ - Probably OK. Disable via DOM prefs
+ - media/mtransport/nr_socket_prsock.cpp
+ - NrUdpSocketIpc::connect_i
+ - NrSocket::connect(nr_transport_addr *addr) {
+ - NrSocket(), NrSocketBase, CreateSocket()
+ - Probably disabled with webrtc? XXX: Check.
+ + nsSocketTransportService
+ + None of the new stuff actually makes new sockets
+ + nsUDPSocket
+ - third_party/rust/url/src/host.rs
+ - XXX: Hrmm.. Fuck to_socket_addrs
+
+UDPSocket:
+ - dom/network/UDPSocket*
+ - Same deal. Disable.
+ + media/mtransport/nr_socket_prsock.cpp
+ + Webrtc again.
+ - netwerk/dns/mdns/libmdns/fallback/MulticastDNS.jsm (XXX: Yikes)
+ - XXX: Ensure mdns is disabled
+
+TCPSocket:
+ - dom/base/Navigator.cpp (hook for MozTcpSocket)
+ - disable
+ - dom/media/bridge/MediaModule.cpp
+ - PeerConnection stuff.
+ - media/mtransport/*
+ - Disable
+ - netwerk/ipc/PNecko.ipdl (hrmm... check full source?)
+
+Rust:
+ + media/libstagefright/binding
+ + netwerk/base/rust-url-capi
+
+-socket: (XPCOM)
+ - dom/flyweb/HttpServer.cpp
+ - Ensure flyweb is disabled
+ - dom/presentation/provider/PresentationControlService.js
+ - Opens local listening sockets. We probably don't want it.
+ - Also appears to do ICE and unproxied TCP..
+ - dom/presentation/provider/LegacyPresentationControlService.js
+
+_SOCKET:
+ - devtools/client/debugger/new/bundle.js
+ - Pretty sure we disable the remote case, yes?
+ - dom/presentation/PresentationTCPSessionTransport.cpp
+ - More listener sockets
+ - netwerk/base/ThrottleQueue.cpp
+ - Seems just to be for timer notification
+
+Android XXX leaks:
+ - HttpUrlConnection
+ - XXX: mobile/android/base/java/org/mozilla/gecko/feeds/FeedFetcher.java
+ (fetchAndParseFeedIfModified)
+ - XXX: mobile/android/base/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java
+ - XXX: mobile/android/base/java/org/mozilla/gecko/search/SearchEngineManager.java
+ - XXX: mobile/android/thirdparty/com/keepsafe/switchboard/SwitchBoard.java
+ - Uses ch.boye.httpclientandroidlib.impl.client.*:
+ - I think this is ok?
+ - /android/
+
+Android Java calls:
+ + Uses HttpURLConnection:
+ + mobile/android/base/java/org/mozilla/gecko/CrashReporter.java
+ + mobile/android/base/java/org/mozilla/gecko/SuggestClient.java
+ + mobile/android/base/java/org/mozilla/gecko/distribution/Distribution.java
+ + mobile/android/search/java/org/mozilla/search/providers/SearchEngineManager.java
+ + mobile/android/stumbler/java/org/mozilla/mozstumbler/service/utils/AbstractCommunicator.java
+ + mobile/android/tests/browser/robocop/src/org/mozilla/gecko/tests/BaseRobocopTest.java
+ + mobile/android/tests/browser/robocop/src/org/mozilla/gecko/tests/testDistribution.java
+ + mobile/android/thirdparty/com/keepsafe/switchboard/SwitchBoard.java
+ + mobile/android/thirdparty/com/squareup/picasso/UrlConnectionDownloader.java
+ + Uses ch.boye.httpclientandroidlib.impl.client.*:
+ + mobile/android/base/java/org/mozilla/gecko/dlc/DownloadContentHelper.java
+ + mobile/android/base/java/org/mozilla/gecko/favicons/LoadFaviconTask.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/FxAccountClient10.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/background/fxa/oauth/FxAccountAbstractClient.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/reading/ReadingListClient.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/jpake/stage/DeleteChannel.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/jpake/stage/GetChannelStage.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/jpake/stage/GetRequestStage.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/jpake/stage/PutRequestStage.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/AbstractBearerTokenAuthHeaderProvider.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/AuthHeaderProvider.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResource.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BaseResourceDelegate.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/BasicAuthHeaderProvider.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/HMACAuthHeaderProvider.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/HawkAuthHeaderProvider.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/ResourceDelegate.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageCollectionRequest.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/net/SyncStorageRequest.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/sync/setup/auth/AuthenticateAccountStage.java
+ + mobile/android/services/src/main/java/org/mozilla/gecko/tokenserver/TokenServerClient.java
+ + mobile/android/tests/background/junit4/src/org/mozilla/android/sync/test/helpers/MockResourceDelegate.java
+ + mobile/android/tests/background/junit4/src/org/mozilla/gecko/sync/net/test/TestHawkAuthHeaderProvider.java
+ + mobile/android/tests/background/junit4/src/org/mozilla/gecko/sync/net/test/TestLiveHawkAuth.java
+ + mobile/android/thirdparty/ch/boye/httpclientandroidlib/client/protocol/ResponseAuthCache.java
+ + mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/client/cache/CachingHttpClientBuilder.java
+ + mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/client/cache/CachingHttpClients.java
+ + mobile/android/thirdparty/ch/boye/httpclientandroidlib/impl/execchain/ProtocolExec.java
+ + mobile/android/thirdparty/com/adjust/sdk/AdjustFactory.java
More information about the tor-commits
mailing list