Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-proxy-bypass, tbb-8.5,   |  Actual Points:
  TorBrowserTeam201905, GeorgKoppen201905|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_information => closed
 * resolution:   => fixed


Comment:

 Let's track the remaining things in #30575.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904, GeorgKoppen201904,   |
  tbb-8.5|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => needs_information
 * keywords:
 tbb-proxy-bypass, TorBrowserTeam201904R, GeorgKoppen201904, tbb-8.5
 -must-alpha
 => tbb-proxy-bypass, TorBrowserTeam201904, GeorgKoppen201904, tbb-8.5


Comment:

 Replying to [comment:11 tom]:
 > Replying to [comment:9 gk]:
 > >However, I am still not convinced that this is the whole picture. In
 particular, I feel those changes *do not* explain how the registry-based
 bypass is working, given that the pref is only checked at one place and
 `areEnterpriseOnlyPoliciesAllowed()` results in `false` for the stable
 series, yet the bug report was made against 8.0.x.
 >
 > I also can't explain this, and agree.  But the patch looks good to me.

 Thanks. Pushed to `tor-browser-60.6.1esr-8.5-1` (commit
 e95c515352094f6c3d943a3313628c370feb18f2 and
 6e730d5184f8d74860488f8fa998bd1e0023281f) to get the changes in our next
 nightly build. Setting to `needs_information` to figure out a way to repro
 the original bug report. I'll try to ask the reporter for steps to
 reproduce and whether they can still reproduce the problem with the fixes
 (whcih we have so far) committed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904R, GeorgKoppen201904,  |
  tbb-8.5-must-alpha |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 Replying to [comment:9 gk]:
 >However, I am still not convinced that this is the whole picture. In
 particular, I feel those changes *do not* explain how the registry-based
 bypass is working, given that the pref is only checked at one place and
 `areEnterpriseOnlyPoliciesAllowed()` results in `false` for the stable
 series, yet the bug report was made against 8.0.x.

 I also can't explain this, and agree.  But the patch looks good to me.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904R, GeorgKoppen201904,  |
  tbb-8.5-must-alpha |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-proxy-bypass, TorBrowserTeam201904R, tbb-8.5-must-alpha =>
 tbb-proxy-bypass, TorBrowserTeam201904R, GeorgKoppen201904, tbb-8.5
 -must-alpha


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904R, tbb-8.5-must-alpha  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_information => needs_review
 * keywords:  tbb-proxy-bypass, TorBrowserTeam201904, tbb-8.5-must-alpha =>
 tbb-proxy-bypass, TorBrowserTeam201904R, tbb-8.5-must-alpha


Comment:

 Replying to [comment:8 tom]:
 > No, the pref should be enough. I was suggesting revert the other one to
 carry one less customization.
 >
 > Policy support will be screwy though. As this issue illustrates, if you
 enable policy support, you will pick up a policy for Firefox, if it's
 present in certain locations, rather than a Tor Browser-specific policy.
 If we wanted to support policies we probably should require them to be TB-
 specific.

 Fair enough. I've pushed `bug_29916`
 (https://gitweb.torproject.org/user/gk/tor-browser.git/log/?h=bug_29916)
 to make the changes you suggested and have them up for review. However, I
 am still not convinced that this is the whole picture. In particular, I
 feel those changes *do not* explain how the registry-based bypass is
 working, given that the pref is only checked at one place and
 `areEnterpriseOnlyPoliciesAllowed()` results in `false` for the stable
 series, yet the bug report was made against 8.0.x.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904, tbb-8.5-must-alpha   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 No, the pref should be enough. I was suggesting revert the other one to
 carry one less customization.

 Policy support will be screwy though. As this issue illustrates, if you
 enable policy support, you will pick up a policy for Firefox, if it's
 present in certain locations, rather than a Tor Browser-specific policy.
 If we wanted to support policies we probably should require them to be TB-
 specific.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904, tbb-8.5-must-alpha   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-proxy-bypass, TorBrowserTeam201904 => tbb-proxy-bypass,
 TorBrowserTeam201904, tbb-8.5-must-alpha
 * status:  new => needs_information


Comment:

 Replying to [comment:6 tom]:
 > I did find another way to control this besides the policy file. I
 believe that we should revert #29445, set
 browser.policies.testing.disallowEnterprise to true, not support enteprise
 policies in any way shape or form, and test a release and alpha build to
 ensure the proxy can't be bypassed.

 Hm, so `browser.policies.testing.disallowEnterprise` set to `true` *alone*
 does not solve our problems here? Or is it just too risky relying just on
 that pref alone? Because *if* folks know what they are doing and want to
 have policy support why not allowing that feature? If the pref alone is
 not enough that sounds like a bug with the pref handling which should get
 fixed independently of this ticket.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 I did find another way to control this besides the policy file. I believe
 that we should revert #29445, set
 browser.policies.testing.disallowEnterprise to true, not support enteprise
 policies in any way shape or form, and test a release and alpha build to
 ensure the proxy can't be bypassed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 As far as I can tell, the only way to bypass the proxy settings is by
 putting a policies.json file containing the relevant setting inside Tor
 Browser's data directory (on desktop) or the package directory (on
 mobile).

 Can the original poster confirm/clarify that is what they did?

 Perhaps we want to prevent this out of an abundance of caution; but if you
 can do this you can generally bypass lots of Tor Browser security
 mechanisms.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 I think this is talking specifically about the Firefox Enterprise Policy
 report we recently enabled in #29445

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by pospeselr):

 * cc: pospeselr (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:1 tom]:
 > Hm. I haven't found this code yet. This is referring to the Windows
 Group Policy mechanism, and not the Firefox policy mechanism, right?

 Good question: I'd say, yes, but I am not sure as I don't know much about
 group policies. The report says "If a GPO policy tells Firefox to use
 system proxy setting" and says, that a specific key is written to the
 registry which seems to cause Tor Browser to ignore its own proxy
 settings.

 > I think we should wire up both to be ignored when
 MOZ_PROXY_BYPASS_PROTECTION is enabled

 Agreed.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #29916 [Applications/Tor Browser]: Group Policies for Firefox can bypass Tor Browser's proxy settings

[Tor Bug Tracker & Wiki]

#29916: Group Policies for Firefox can bypass Tor Browser's proxy settings
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by tom):

 Hm. I haven't found this code yet. This is referring to the Windows Group
 Policy mechanism, and not the Firefox policy mechanism, right?

 I think we should wire up both to be ignored when
 MOZ_PROXY_BYPASS_PROTECTION is enabled

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs