Commit ab3c82a7 authored by Mike Perry

Block all plugins except flash.

We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
actually want to stop plugins from ever entering the browser's process space
and/or executing code (for example, AV plugins that collect statistics/analyse
urls, magical toolbars that phone home or "help" the user, skype buttons that
ruin our day, and censorship filters). Hence we rolled our own.

See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
on a better way. Until then, it is delta-darwinism for us.
parent 102f9173
+33 −0
@@ -1801,6 +1801,35 @@ struct CompareFilesByTime

} // anonymous namespace

PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
{
    nsCString leaf;
    const char *leafStr;
    nsresult rv;
    
    rv = pluginFile->GetNativeLeafName(leaf);
    if (NS_FAILED(rv)) {
        return PR_TRUE; // fuck 'em. blacklist.
    }

    leafStr = leaf.get();

    if (!leafStr) {
        return PR_TRUE; // fuck 'em. blacklist.
    }

    // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
    // NPSWF32.dll, NPSWF64.dll
    if (strstr(leafStr, "libgnashplugin") == leafStr ||
        strstr(leafStr, "libflashplayer") == leafStr ||
        strstr(leafStr, "Flash Player") == leafStr ||
        strstr(leafStr, "NPSWF") == leafStr) {
        return PR_FALSE;
    }

    return PR_TRUE; // fuck 'em. blacklist.
}

typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void);

nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
@@ -1904,6 +1933,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
      continue;
    }

    if (GhettoBlacklist(localfile)) {
        continue;
    }

    // if it is not found in cache info list or has been changed, create a new one
    if (!pluginTag) {
      nsPluginFile pluginFile(localfile);
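Review bot: The allowlist in GhettoBlacklist matches on leaf-name prefix only (`strstr(leafStr, "NPSWF") == leafStr` and its three siblings), so any file in a scanned plugin directory whose name begins with one of those four strings is still accepted; the goal stated in the commit message holds only as long as those directories are writable by trusted parties alone. Where the full file name is fixed, an exact comparison such as `leaf.EqualsLiteral("libflashplayer.so")` would narrow this, and the remaining prefix cases read more clearly as `StringBeginsWith(leaf, NS_LITERAL_CSTRING("NPSWF"))` than as a strstr scan of the whole name. The comparison is also case-sensitive, which on a case-insensitive file system fails closed (a differently-cased Flash file name is blocked) and deserves a one-line comment. ScanPluginsDirectory is only partly visible in its hunk, so whether every plugin load path passes through this check cannot be confirmed from the page.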
+2 −0
@@ -241,6 +241,8 @@ private:
  // Loads all cached plugins info into mCachedPlugins
  nsresult ReadPluginInfo();

  PRBool GhettoBlacklist(nsIFile *pluginFile);

  // Given a file path, returns the plugins info from our cache
  // and removes it from the cache.
  void RemoveCachedPluginsInfo(const char *filePath,
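Review bot: The new declaration `PRBool GhettoBlacklist(nsIFile *pluginFile);` carries no comment, unlike the members around it, and its name suggests a deny-list while the definition in this commit is a default-deny allow-list that returns PR_TRUE for everything except Flash and Gnash leaf names. A comment such as `// Returns PR_TRUE when pluginFile must be skipped; only Flash and Gnash leaf names are allowed through.` would state the contract for callers. The enclosing class starts and ends outside this hunk.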