[tor-commits] [torbutton/master] Bug 40043: Delete all plugin-related protections
sysrqb at torproject.org
sysrqb at torproject.org
Fri Aug 27 20:52:54 UTC 2021
commit 0197c6fec132dd0d672fb1f13b5cdb3ad58c57b7
Author: Matthew Finkel <sysrqb at torproject.org>
Date: Wed Aug 25 18:57:34 2021 +0000
Bug 40043: Delete all plugin-related protections
---
chrome/content/torbutton.js | 138 ++------------------------------------------
1 file changed, 5 insertions(+), 133 deletions(-)
diff --git a/chrome/content/torbutton.js b/chrome/content/torbutton.js
index 8c016b39..c05dd605 100644
--- a/chrome/content/torbutton.js
+++ b/chrome/content/torbutton.js
@@ -38,8 +38,6 @@ var m_tb_prefs = Services.prefs;
var m_tb_wasinited = false;
var m_tb_is_main_window = false;
-var m_tb_confirming_plugins = false;
-
var m_tb_control_ipc_file = null; // Set if using IPC (UNIX domain socket).
var m_tb_control_port = null; // Set if using TCP.
var m_tb_control_host = null; // Set if using TCP.
@@ -73,13 +71,8 @@ var torbutton_unique_pref_observer =
m_tb_prefs.addObserver("extensions.torbutton", this, false);
m_tb_prefs.addObserver("browser.privatebrowsing.autostart", this, false);
m_tb_prefs.addObserver("javascript", this, false);
- m_tb_prefs.addObserver("plugin.disable", this, false);
m_tb_prefs.addObserver("privacy.resistFingerprinting", this, false);
m_tb_prefs.addObserver("privacy.resistFingerprinting.letterboxing", this, false);
-
- // We observe xpcom-category-entry-added for plugins w/ Gecko-Content-Viewers
- var observerService = Services.obs;
- observerService.addObserver(this, "xpcom-category-entry-added");
},
unregister: function()
@@ -87,12 +80,8 @@ var torbutton_unique_pref_observer =
m_tb_prefs.removeObserver("extensions.torbutton", this);
m_tb_prefs.removeObserver("browser.privatebrowsing.autostart", this);
m_tb_prefs.removeObserver("javascript", this);
- m_tb_prefs.removeObserver("plugin.disable", this);
m_tb_prefs.removeObserver("privacy.resistFingerprinting", this);
m_tb_prefs.removeObserver("privacy.resistFingerprinting.letterboxing", this);
-
- var observerService = Services.obs;
- observerService.removeObserver(this, "xpcom-category-entry-added");
},
// topic: what event occurred
@@ -100,38 +89,9 @@ var torbutton_unique_pref_observer =
// data: which pref has been changed (relative to subject)
observe: function(subject, topic, data)
{
- if (topic == "xpcom-category-entry-added") {
- // Hrmm. should we inspect subject too? it's just mime type..
- subject.QueryInterface(Ci.nsISupportsCString);
- if (data == "Gecko-Content-Viewers" &&
- !m_tb_prefs.getBoolPref("extensions.torbutton.startup") &&
- m_tb_prefs.getBoolPref("extensions.torbutton.confirm_plugins")) {
- torbutton_log(3, "Got plugin enabled notification: "+subject);
-
- /* We need to protect this call with a flag becuase we can
- * get multiple observer events for each mime type a plugin
- * registers. Thankfully, these notifications arrive only on
- * the main thread, *however*, our confirmation dialog suspends
- * execution and allows more events to arrive until it is answered
- */
- if (!m_tb_confirming_plugins) {
- m_tb_confirming_plugins = true;
- torbutton_confirm_plugins();
- m_tb_confirming_plugins = false;
- } else {
- torbutton_log(3, "Skipping notification for mime type: "+subject);
- }
- }
- return;
- }
-
if (topic != "nsPref:changed") return;
switch (data) {
- case "plugin.disable":
- torbutton_toggle_plugins(
- m_tb_prefs.getBoolPref("plugin.disable"));
- break;
case "browser.privatebrowsing.autostart":
torbutton_update_disk_prefs();
break;
@@ -348,67 +308,6 @@ var torbutton_abouttor_message_handler = {
}
};
-function torbutton_confirm_plugins() {
- var any_plugins_enabled = false;
- var PH=Cc["@mozilla.org/plugin/host;1"].getService(Ci.nsIPluginHost);
- var P=PH.getPluginTags({});
- for(var i=0; i<P.length; i++) {
- if (!P[i].disabled)
- any_plugins_enabled = true;
- }
-
- if (!any_plugins_enabled) {
- torbutton_log(3, "False positive on plugin notification. Ignoring");
- return;
- }
-
- torbutton_log(3, "Confirming plugin usage.");
-
- var prompts = Services.prompt;
-
- // Display two buttons, both with string titles.
- var flags = prompts.STD_YES_NO_BUTTONS + prompts.BUTTON_DELAY_ENABLE;
-
- var message = torbutton_get_property_string("torbutton.popup.confirm_plugins");
- var askAgainText = torbutton_get_property_string("torbutton.popup.never_ask_again");
- var askAgain = {value: false};
-
- var wm = Services.wm;
- var win = wm.getMostRecentWindow("navigator:browser");
- var no_plugins = (prompts.confirmEx(win, "", message, flags, null, null, null,
- askAgainText, askAgain) == 1);
-
- m_tb_prefs.setBoolPref("extensions.torbutton.confirm_plugins", !askAgain.value);
-
- // The pref observer for "plugin.disable" will set the appropriate plugin state.
- // So, we only touch the pref if it has changed.
- if (no_plugins !=
- m_tb_prefs.getBoolPref("plugin.disable"))
- m_tb_prefs.setBoolPref("plugin.disable", no_plugins);
- else
- torbutton_toggle_plugins(no_plugins);
-
- // Now, if any tabs were open to about:addons, reload them. Our popup
- // messed up that page.
- var browserEnumerator = wm.getEnumerator("navigator:browser");
-
- // Check each browser instance for our URL
- while (browserEnumerator.hasMoreElements()) {
- var browserWin = browserEnumerator.getNext();
- var tabbrowser = browserWin.gBrowser;
-
- // Check each tab of this browser instance
- var numTabs = tabbrowser.browsers.length;
- for (var index = 0; index < numTabs; index++) {
- var currentBrowser = tabbrowser.getBrowserAtIndex(index);
- if ("about:addons" == currentBrowser.currentURI.spec) {
- torbutton_log(3, "Got browser: "+currentBrowser.currentURI.spec);
- currentBrowser.reload();
- }
- }
- }
-}
-
// Bug 1506 P4: Control port interaction. Needed for New Identity.
function torbutton_socket_readline(input) {
var str = "";
@@ -530,7 +429,7 @@ torbutton_new_identity = async function() {
}
/* The "New Identity" implementation does the following:
- * 1. Disables Javascript and plugins on all tabs
+ * 1. Disables Javascript
* 2. Clears state:
* a. OCSP
* b. Cache + image cache
@@ -544,9 +443,8 @@ torbutton_new_identity = async function() {
* j. permissions
* k. site security settings (e.g. HSTS)
* l. IndexedDB and other DOM storage
- * m. plugin data
- * n. media devices
- * o. predictor network data
+ * m. media devices
+ * n. predictor network data
* 3. Sends tor the NEWNYM signal to get a new circuit
* 4. Opens a new window with the default homepage
* 5. Closes this window
@@ -696,14 +594,12 @@ async function torbutton_do_new_identity() {
}
torbutton_log(3, "New Identity: Clearing storage");
- torbutton_log(3, "New Identity: Clearing plugin data");
torbutton_log(3, "New Identity: Clearing media devices");
torbutton_log(3, "New Identity: Clearing predictor network data");
try {
await clearData(
Services.clearData.CLEAR_DOM_STORAGES |
- Services.clearData.CLEAR_PLUGIN_DATA |
Services.clearData.CLEAR_MEDIA_DEVICES |
Services.clearData.CLEAR_PREDICTOR_NETWORK_DATA
);
@@ -1081,27 +977,6 @@ async function torbutton_tor_check_ok()
return (checkSvc.kCheckFailed != checkSvc.statusOfTorCheck);
}
-// Bug 1506 P5: Despite the name, this is the way we disable
-// plugins for Tor Browser, too.
-//
-// toggles plugins: true for disabled, false for enabled
-function torbutton_toggle_plugins(disable_plugins) {
- var PH=Cc["@mozilla.org/plugin/host;1"].getService(Ci.nsIPluginHost);
- var P=PH.getPluginTags({});
- for(var i=0; i<P.length; i++) {
- if ("enabledState" in P[i]) { // FF24
- // FIXME: DOCDOC the reasoning for the isDisabled check, or remove it.
- var isDisabled = (P[i].enabledState == Ci.nsIPluginTag.STATE_DISABLED);
- if (!isDisabled && disable_plugins)
- P[i].enabledState = Ci.nsIPluginTag.STATE_DISABLED;
- else if (isDisabled && !disable_plugins)
- P[i].enabledState = Ci.nsIPluginTag.STATE_CLICKTOPLAY;
- } else if (P[i].disabled != disable_plugins) { // FF17
- P[i].disabled=disable_plugins;
- }
- }
-}
-
function torbutton_update_disk_prefs() {
var mode = m_tb_prefs.getBoolPref("browser.privatebrowsing.autostart");
@@ -1194,7 +1069,7 @@ function torbutton_clear_cookies() {
cm.removeAll();
}
-// -------------- JS/PLUGIN HANDLING CODE ---------------------
+// -------------- JS HANDLING CODE ---------------------
// Bug 1506 P3: Defense in depth. Disables JS and events for New Identity.
function torbutton_disable_browser_js(browser) {
var eventSuppressor = null;
@@ -1233,6 +1108,7 @@ function torbutton_disable_browser_js(browser) {
function torbutton_disable_window_js(win) {
var browser = win.gBrowser;
if (!browser) {
+ // TODO is this still needed?
torbutton_log(5, "No browser for plugin window...");
return;
}
@@ -1328,10 +1204,6 @@ function torbutton_do_main_window_startup()
function torbutton_do_startup()
{
if(m_tb_prefs.getBoolPref("extensions.torbutton.startup")) {
- // Bug 1506: Still want to do this
- torbutton_toggle_plugins(
- m_tb_prefs.getBoolPref("plugin.disable"));
-
// Bug 1506: Should probably be moved to an XPCOM component
torbutton_do_main_window_startup();
More information about the tor-commits
mailing list