Loading src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch 0 → 100644 +50 −0 Original line number Diff line number Diff line From 1c2ccbea73720db5405602e4033c69b706068a8b Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@torproject.org> Date: Wed, 1 Feb 2012 15:40:40 -0800 Subject: [PATCH 01/24] Block Components.interfaces,lookupMethod from content This patch removes the ability of content script to access Components.interfaces.* as well as call or access Components.lookupMethod. These two interfaces seem to be exposed to content script only to make our lives difficult. Components.lookupMethod can undo our JS hooks, and Components.interfaces is useful for fingerprinting the platform, OS, and Firebox version. They appear to have no other legitimate use. See also: https://bugzilla.mozilla.org/show_bug.cgi?id=429070 https://trac.torproject.org/projects/tor/ticket/2873 https://trac.torproject.org/projects/tor/ticket/2874 --- js/xpconnect/src/XPCComponents.cpp | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp index 38bfe08..7224b9b 100644 --- a/js/xpconnect/src/XPCComponents.cpp +++ b/js/xpconnect/src/XPCComponents.cpp @@ -4502,7 +4502,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval) NS_IMETHODIMP nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval) { - static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull }; + // XXX: Pref observer? Also, is this what we want? Seems like a plan + //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull }; + static const char* allowed[] = { "isSuccessCode", nsnull }; *_retval = xpc_CheckAccessList(methodName, allowed); return NS_OK; } @@ -4511,7 +4513,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c NS_IMETHODIMP nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval) { - static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull}; + // XXX: Pref observer? Also, is this what we want? Seems like a plan + // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull}; + static const char* allowed[] = { "results", nsnull}; *_retval = xpc_CheckAccessList(propertyName, allowed); return NS_OK; } -- 1.7.5.4 src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch 0 → 100644 +94 −0 Original line number Diff line number Diff line From cd983b1b57b1f4ae10c8deec5aa12ec957fdc855 Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@torproject.org> Date: Wed, 1 Feb 2012 15:45:16 -0800 Subject: [PATCH 02/24] Make Permissions Manager memory-only This patch exposes a pref 'permissions.memory_only' that properly isolates the permissions manager to memory, which is responsible for all user specified site permissions, as well as stored STS policy. The pref does successfully clear the permissions manager memory if toggled. It does not need to be set in prefs.js, and can be handled by Torbutton. https://trac.torproject.org/projects/tor/ticket/2950 --- extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++-- 1 files changed, 31 insertions(+), 3 deletions(-) diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp index 67eb216..12cc7cf 100644 --- a/extensions/cookie/nsPermissionManager.cpp +++ b/extensions/cookie/nsPermissionManager.cpp @@ -58,6 +58,10 @@ #include "mozStorageHelper.h" #include "mozStorageCID.h" #include "nsXULAppAPI.h" +#include "nsCOMPtr.h" +#include "nsIPrefService.h" +#include "nsIPrefBranch.h" +#include "nsIPrefBranch2.h" static nsPermissionManager *gPermissionManager = nsnull; @@ -203,6 +207,11 @@ nsPermissionManager::Init() mObserverService->AddObserver(this, "profile-do-change", true); } + nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID); + if (pbi) { + pbi->AddObserver("permissions.", this, PR_FALSE); + } + if (IsChildProcess()) { // Get the permissions from the parent process InfallibleTArray<IPC::Permission> perms; @@ -251,8 +260,18 @@ nsPermissionManager::InitDB(bool aRemoveFile) if (!storage) return NS_ERROR_UNEXPECTED; + bool memory_db = false; + nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); + if (prefs) { + prefs->GetBoolPref("permissions.memory_only", &memory_db); + } + // cache a connection to the hosts database - rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + if (memory_db) { + rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn)); + } else { + rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + } NS_ENSURE_SUCCESS(rv, rv); bool ready; @@ -262,7 +281,11 @@ nsPermissionManager::InitDB(bool aRemoveFile) rv = permissionsFile->Remove(false); NS_ENSURE_SUCCESS(rv, rv); - rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + if (memory_db) { + rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn)); + } else { + rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + } NS_ENSURE_SUCCESS(rv, rv); mDBConn->GetConnectionReady(&ready); @@ -783,7 +806,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT { ENSURE_NOT_CHILD_PROCESS; - if (!nsCRT::strcmp(aTopic, "profile-before-change")) { + if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { + if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) { + // XXX: Should we remove the file? Probably not.. + InitDB(PR_FALSE); + } + } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) { // The profile is about to change, // or is going away because the application is shutting down. if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) { -- 1.7.5.4 src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch 0 → 100644 +43 −0 Original line number Diff line number Diff line From f100a7979e1a44863a8a67a09743f0e17b5dd14e Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@fscked.org> Date: Fri, 19 Aug 2011 17:58:23 -0700 Subject: [PATCH 03/24] Make Intermediate Cert Store memory-only. This patch makes the intermediate SSL cert store exist in memory only. The pref must be set before startup in prefs.js. https://trac.torproject.org/projects/tor/ticket/2949 --- security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++- 1 files changed, 14 insertions(+), 1 deletions(-) diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp index a08c4ef..0ec3713 100644 --- a/security/manager/ssl/src/nsNSSComponent.cpp +++ b/security/manager/ssl/src/nsNSSComponent.cpp @@ -1730,8 +1730,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox) // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as // "/usr/lib/nss/libnssckbi.so". PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE; - SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "", + bool nocertdb = false; + mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb); + + // XXX: We can also do the the following to only disable the certdb. + // Leaving this codepath in as a fallback in case InitNODB fails + if (nocertdb) + init_flags |= NSS_INIT_NOCERTDB; + + SECStatus init_rv; + if (nocertdb) { + init_rv = ::NSS_NoDB_Init(NULL); + } else { + init_rv = ::NSS_Initialize(profileStr.get(), "", "", SECMOD_DB, init_flags); + } if (init_rv != SECSuccess) { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get())); -- 1.7.5.4 src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch 0 → 100644 +85 −0 Original line number Diff line number Diff line From d674d09bc233d200b1ebc47f8e6ac4ebd6e4225a Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@fscked.org> Date: Fri, 2 Sep 2011 20:47:02 -0700 Subject: [PATCH 04/24] Add a string-based cacheKey. Used for isolating cache according to same-origin policy. --- netwerk/base/public/nsICachingChannel.idl | 7 +++++++ netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++ netwerk/protocol/http/nsHttpChannel.h | 1 + 3 files changed, 30 insertions(+), 0 deletions(-) diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl index 2da46d6..4ee5774 100644 --- a/netwerk/base/public/nsICachingChannel.idl +++ b/netwerk/base/public/nsICachingChannel.idl @@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel attribute nsISupports cacheKey; /** + * Set/get the cache domain... uniquely identifies the data in the cache + * for this channel. Holding a reference to this key does NOT prevent + * the cached data from being removed. + */ + attribute AUTF8String cacheDomain; + + /** * Specifies whether or not the data should be cached to a file. This * may fail if the disk cache is not present. The value of this attribute * is usually only settable during the processing of a channel's diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index dec2a83..97bd84c 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -2392,6 +2392,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, cacheKey.Append(buf); } + if (strlen(mCacheDomain.get()) > 0) { + cacheKey.AppendLiteral("domain="); + cacheKey.Append(mCacheDomain.get()); + cacheKey.AppendLiteral("&"); + } + if (!cacheKey.IsEmpty()) { cacheKey.AppendLiteral("uri="); } @@ -4695,6 +4701,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value) } NS_IMETHODIMP +nsHttpChannel::GetCacheDomain(nsACString &value) +{ + value = mCacheDomain; + + return NS_OK; +} + +NS_IMETHODIMP +nsHttpChannel::SetCacheDomain(const nsACString &value) +{ + mCacheDomain = value; + + return NS_OK; +} + +NS_IMETHODIMP nsHttpChannel::GetOfflineCacheClientID(nsACString &value) { value = mOfflineCacheClientID; diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h index 88ce469..53538cf 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h @@ -303,6 +303,7 @@ private: nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; nsCacheAccessMode mOfflineCacheAccess; nsCString mOfflineCacheClientID; + nsCString mCacheDomain; // auth specific data nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider; -- 1.7.5.4 src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch 0 → 100644 +85 −0 Original line number Diff line number Diff line From 88a390822d232ba037de1f15091977ca7e1064bf Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@torproject.org> Date: Wed, 1 Feb 2012 15:50:15 -0800 Subject: [PATCH 05/24] Block all plugins except flash. We cannot use the @mozilla.org/extensions/blocklist;1 service, because we actually want to stop plugins from ever entering the browser's process space and/or executing code (for example, AV plugins that collect statistics/analyse urls, magical toolbars that phone home or "help" the user, skype buttons that ruin our day, and censorship filters). Hence we rolled our own. See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings on a better way. Until then, it is delta-darwinism for us. --- dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++ dom/plugins/base/nsPluginHost.h | 2 ++ 2 files changed, 35 insertions(+), 0 deletions(-) diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp index 992bcd4..f56f231 100644 --- a/dom/plugins/base/nsPluginHost.cpp +++ b/dom/plugins/base/nsPluginHost.cpp @@ -1968,6 +1968,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag) return false; } +PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile) +{ + nsCString leaf; + const char *leafStr; + nsresult rv; + + rv = pluginFile->GetNativeLeafName(leaf); + if (NS_FAILED(rv)) { + return PR_TRUE; // fuck 'em. blacklist. + } + + leafStr = leaf.get(); + + if (!leafStr) { + return PR_TRUE; // fuck 'em. blacklist. + } + + // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin, + // NPSWF32.dll, NPSWF64.dll + if (strstr(leafStr, "libgnashplugin") == leafStr || + strstr(leafStr, "libflashplayer") == leafStr || + strstr(leafStr, "Flash Player") == leafStr || + strstr(leafStr, "NPSWF") == leafStr) { + return PR_FALSE; + } + + return PR_TRUE; // fuck 'em. blacklist. +} + typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void); nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, @@ -2101,6 +2130,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, continue; } + if (GhettoBlacklist(localfile)) { + continue; + } + // if it is not found in cache info list or has been changed, create a new one if (!pluginTag) { nsPluginFile pluginFile(localfile); diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h index 39a8891..c262abf 100644 --- a/dom/plugins/base/nsPluginHost.h +++ b/dom/plugins/base/nsPluginHost.h @@ -278,6 +278,8 @@ private: // Loads all cached plugins info into mCachedPlugins nsresult ReadPluginInfo(); + PRBool GhettoBlacklist(nsIFile *pluginFile); + // Given a file path, returns the plugins info from our cache // and removes it from the cache. void RemoveCachedPluginsInfo(const char *filePath, -- 1.7.5.4 Loading
src/current-patches/firefox/0001-Block-Components.interfaces-lookupMethod-from-conten.patch 0 → 100644 +50 −0 Original line number Diff line number Diff line From 1c2ccbea73720db5405602e4033c69b706068a8b Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@torproject.org> Date: Wed, 1 Feb 2012 15:40:40 -0800 Subject: [PATCH 01/24] Block Components.interfaces,lookupMethod from content This patch removes the ability of content script to access Components.interfaces.* as well as call or access Components.lookupMethod. These two interfaces seem to be exposed to content script only to make our lives difficult. Components.lookupMethod can undo our JS hooks, and Components.interfaces is useful for fingerprinting the platform, OS, and Firebox version. They appear to have no other legitimate use. See also: https://bugzilla.mozilla.org/show_bug.cgi?id=429070 https://trac.torproject.org/projects/tor/ticket/2873 https://trac.torproject.org/projects/tor/ticket/2874 --- js/xpconnect/src/XPCComponents.cpp | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp index 38bfe08..7224b9b 100644 --- a/js/xpconnect/src/XPCComponents.cpp +++ b/js/xpconnect/src/XPCComponents.cpp @@ -4502,7 +4502,9 @@ nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval) NS_IMETHODIMP nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval) { - static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull }; + // XXX: Pref observer? Also, is this what we want? Seems like a plan + //static const char* allowed[] = { "isSuccessCode", "lookupMethod", nsnull }; + static const char* allowed[] = { "isSuccessCode", nsnull }; *_retval = xpc_CheckAccessList(methodName, allowed); return NS_OK; } @@ -4511,7 +4513,9 @@ nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, c NS_IMETHODIMP nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval) { - static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull}; + // XXX: Pref observer? Also, is this what we want? Seems like a plan + // static const char* allowed[] = { "interfaces", "interfacesByID", "results", nsnull}; + static const char* allowed[] = { "results", nsnull}; *_retval = xpc_CheckAccessList(propertyName, allowed); return NS_OK; } -- 1.7.5.4
src/current-patches/firefox/0002-Make-Permissions-Manager-memory-only.patch 0 → 100644 +94 −0 Original line number Diff line number Diff line From cd983b1b57b1f4ae10c8deec5aa12ec957fdc855 Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@torproject.org> Date: Wed, 1 Feb 2012 15:45:16 -0800 Subject: [PATCH 02/24] Make Permissions Manager memory-only This patch exposes a pref 'permissions.memory_only' that properly isolates the permissions manager to memory, which is responsible for all user specified site permissions, as well as stored STS policy. The pref does successfully clear the permissions manager memory if toggled. It does not need to be set in prefs.js, and can be handled by Torbutton. https://trac.torproject.org/projects/tor/ticket/2950 --- extensions/cookie/nsPermissionManager.cpp | 34 ++++++++++++++++++++++++++-- 1 files changed, 31 insertions(+), 3 deletions(-) diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp index 67eb216..12cc7cf 100644 --- a/extensions/cookie/nsPermissionManager.cpp +++ b/extensions/cookie/nsPermissionManager.cpp @@ -58,6 +58,10 @@ #include "mozStorageHelper.h" #include "mozStorageCID.h" #include "nsXULAppAPI.h" +#include "nsCOMPtr.h" +#include "nsIPrefService.h" +#include "nsIPrefBranch.h" +#include "nsIPrefBranch2.h" static nsPermissionManager *gPermissionManager = nsnull; @@ -203,6 +207,11 @@ nsPermissionManager::Init() mObserverService->AddObserver(this, "profile-do-change", true); } + nsCOMPtr<nsIPrefBranch2> pbi = do_GetService(NS_PREFSERVICE_CONTRACTID); + if (pbi) { + pbi->AddObserver("permissions.", this, PR_FALSE); + } + if (IsChildProcess()) { // Get the permissions from the parent process InfallibleTArray<IPC::Permission> perms; @@ -251,8 +260,18 @@ nsPermissionManager::InitDB(bool aRemoveFile) if (!storage) return NS_ERROR_UNEXPECTED; + bool memory_db = false; + nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); + if (prefs) { + prefs->GetBoolPref("permissions.memory_only", &memory_db); + } + // cache a connection to the hosts database - rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + if (memory_db) { + rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn)); + } else { + rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + } NS_ENSURE_SUCCESS(rv, rv); bool ready; @@ -262,7 +281,11 @@ nsPermissionManager::InitDB(bool aRemoveFile) rv = permissionsFile->Remove(false); NS_ENSURE_SUCCESS(rv, rv); - rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + if (memory_db) { + rv = storage->OpenSpecialDatabase("memory", getter_AddRefs(mDBConn)); + } else { + rv = storage->OpenDatabase(permissionsFile, getter_AddRefs(mDBConn)); + } NS_ENSURE_SUCCESS(rv, rv); mDBConn->GetConnectionReady(&ready); @@ -783,7 +806,12 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports *aSubject, const char *aT { ENSURE_NOT_CHILD_PROCESS; - if (!nsCRT::strcmp(aTopic, "profile-before-change")) { + if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) { + if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("permissions.memory_only").get())) { + // XXX: Should we remove the file? Probably not.. + InitDB(PR_FALSE); + } + } else if (!nsCRT::strcmp(aTopic, "profile-before-change")) { // The profile is about to change, // or is going away because the application is shutting down. if (!nsCRT::strcmp(someData, NS_LITERAL_STRING("shutdown-cleanse").get())) { -- 1.7.5.4
src/current-patches/firefox/0003-Make-Intermediate-Cert-Store-memory-only.patch 0 → 100644 +43 −0 Original line number Diff line number Diff line From f100a7979e1a44863a8a67a09743f0e17b5dd14e Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@fscked.org> Date: Fri, 19 Aug 2011 17:58:23 -0700 Subject: [PATCH 03/24] Make Intermediate Cert Store memory-only. This patch makes the intermediate SSL cert store exist in memory only. The pref must be set before startup in prefs.js. https://trac.torproject.org/projects/tor/ticket/2949 --- security/manager/ssl/src/nsNSSComponent.cpp | 15 ++++++++++++++- 1 files changed, 14 insertions(+), 1 deletions(-) diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp index a08c4ef..0ec3713 100644 --- a/security/manager/ssl/src/nsNSSComponent.cpp +++ b/security/manager/ssl/src/nsNSSComponent.cpp @@ -1730,8 +1730,21 @@ nsNSSComponent::InitializeNSS(bool showWarningBox) // Ubuntu 8.04, which loads any nonexistent "<configdir>/libnssckbi.so" as // "/usr/lib/nss/libnssckbi.so". PRUint32 init_flags = NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE; - SECStatus init_rv = ::NSS_Initialize(profileStr.get(), "", "", + bool nocertdb = false; + mPrefBranch->GetBoolPref("security.nocertdb", &nocertdb); + + // XXX: We can also do the the following to only disable the certdb. + // Leaving this codepath in as a fallback in case InitNODB fails + if (nocertdb) + init_flags |= NSS_INIT_NOCERTDB; + + SECStatus init_rv; + if (nocertdb) { + init_rv = ::NSS_NoDB_Init(NULL); + } else { + init_rv = ::NSS_Initialize(profileStr.get(), "", "", SECMOD_DB, init_flags); + } if (init_rv != SECSuccess) { PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get())); -- 1.7.5.4
src/current-patches/firefox/0004-Add-a-string-based-cacheKey.patch 0 → 100644 +85 −0 Original line number Diff line number Diff line From d674d09bc233d200b1ebc47f8e6ac4ebd6e4225a Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@fscked.org> Date: Fri, 2 Sep 2011 20:47:02 -0700 Subject: [PATCH 04/24] Add a string-based cacheKey. Used for isolating cache according to same-origin policy. --- netwerk/base/public/nsICachingChannel.idl | 7 +++++++ netwerk/protocol/http/nsHttpChannel.cpp | 22 ++++++++++++++++++++++ netwerk/protocol/http/nsHttpChannel.h | 1 + 3 files changed, 30 insertions(+), 0 deletions(-) diff --git a/netwerk/base/public/nsICachingChannel.idl b/netwerk/base/public/nsICachingChannel.idl index 2da46d6..4ee5774 100644 --- a/netwerk/base/public/nsICachingChannel.idl +++ b/netwerk/base/public/nsICachingChannel.idl @@ -98,6 +98,13 @@ interface nsICachingChannel : nsICacheInfoChannel attribute nsISupports cacheKey; /** + * Set/get the cache domain... uniquely identifies the data in the cache + * for this channel. Holding a reference to this key does NOT prevent + * the cached data from being removed. + */ + attribute AUTF8String cacheDomain; + + /** * Specifies whether or not the data should be cached to a file. This * may fail if the disk cache is not present. The value of this attribute * is usually only settable during the processing of a channel's diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index dec2a83..97bd84c 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -2392,6 +2392,12 @@ nsHttpChannel::AssembleCacheKey(const char *spec, PRUint32 postID, cacheKey.Append(buf); } + if (strlen(mCacheDomain.get()) > 0) { + cacheKey.AppendLiteral("domain="); + cacheKey.Append(mCacheDomain.get()); + cacheKey.AppendLiteral("&"); + } + if (!cacheKey.IsEmpty()) { cacheKey.AppendLiteral("uri="); } @@ -4695,6 +4701,22 @@ nsHttpChannel::SetCacheForOfflineUse(bool value) } NS_IMETHODIMP +nsHttpChannel::GetCacheDomain(nsACString &value) +{ + value = mCacheDomain; + + return NS_OK; +} + +NS_IMETHODIMP +nsHttpChannel::SetCacheDomain(const nsACString &value) +{ + mCacheDomain = value; + + return NS_OK; +} + +NS_IMETHODIMP nsHttpChannel::GetOfflineCacheClientID(nsACString &value) { value = mOfflineCacheClientID; diff --git a/netwerk/protocol/http/nsHttpChannel.h b/netwerk/protocol/http/nsHttpChannel.h index 88ce469..53538cf 100644 --- a/netwerk/protocol/http/nsHttpChannel.h +++ b/netwerk/protocol/http/nsHttpChannel.h @@ -303,6 +303,7 @@ private: nsCOMPtr<nsICacheEntryDescriptor> mOfflineCacheEntry; nsCacheAccessMode mOfflineCacheAccess; nsCString mOfflineCacheClientID; + nsCString mCacheDomain; // auth specific data nsCOMPtr<nsIHttpChannelAuthProvider> mAuthProvider; -- 1.7.5.4
src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch 0 → 100644 +85 −0 Original line number Diff line number Diff line From 88a390822d232ba037de1f15091977ca7e1064bf Mon Sep 17 00:00:00 2001 From: Mike Perry <mikeperry-git@torproject.org> Date: Wed, 1 Feb 2012 15:50:15 -0800 Subject: [PATCH 05/24] Block all plugins except flash. We cannot use the @mozilla.org/extensions/blocklist;1 service, because we actually want to stop plugins from ever entering the browser's process space and/or executing code (for example, AV plugins that collect statistics/analyse urls, magical toolbars that phone home or "help" the user, skype buttons that ruin our day, and censorship filters). Hence we rolled our own. See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings on a better way. Until then, it is delta-darwinism for us. --- dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++ dom/plugins/base/nsPluginHost.h | 2 ++ 2 files changed, 35 insertions(+), 0 deletions(-) diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp index 992bcd4..f56f231 100644 --- a/dom/plugins/base/nsPluginHost.cpp +++ b/dom/plugins/base/nsPluginHost.cpp @@ -1968,6 +1968,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag) return false; } +PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile) +{ + nsCString leaf; + const char *leafStr; + nsresult rv; + + rv = pluginFile->GetNativeLeafName(leaf); + if (NS_FAILED(rv)) { + return PR_TRUE; // fuck 'em. blacklist. + } + + leafStr = leaf.get(); + + if (!leafStr) { + return PR_TRUE; // fuck 'em. blacklist. + } + + // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin, + // NPSWF32.dll, NPSWF64.dll + if (strstr(leafStr, "libgnashplugin") == leafStr || + strstr(leafStr, "libflashplayer") == leafStr || + strstr(leafStr, "Flash Player") == leafStr || + strstr(leafStr, "NPSWF") == leafStr) { + return PR_FALSE; + } + + return PR_TRUE; // fuck 'em. blacklist. +} + typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void); nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, @@ -2101,6 +2130,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, continue; } + if (GhettoBlacklist(localfile)) { + continue; + } + // if it is not found in cache info list or has been changed, create a new one if (!pluginTag) { nsPluginFile pluginFile(localfile); diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h index 39a8891..c262abf 100644 --- a/dom/plugins/base/nsPluginHost.h +++ b/dom/plugins/base/nsPluginHost.h @@ -278,6 +278,8 @@ private: // Loads all cached plugins info into mCachedPlugins nsresult ReadPluginInfo(); + PRBool GhettoBlacklist(nsIFile *pluginFile); + // Given a file path, returns the plugins info from our cache // and removes it from the cache. void RemoveCachedPluginsInfo(const char *filePath, -- 1.7.5.4