#33962: Uplift patch for 5741 (dns leak protection)
-------------------------------------------------+-------------------------
 Reporter:  acat                                 |          Owner:  tbb-team
     Type:  task                                 |         Status:  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ReleaseTrainMigration                |  Actual Points:
            TorBrowserTeam202005R                |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:  Sponsor58
-------------------------------------------------+-------------------------

Changes (by acat):

 * status:  new => needs_review
 * keywords:  ReleaseTrainMigration => ReleaseTrainMigration TorBrowserTeam202005R

Comment:

 I adapted the patch from #5741 to try to upstream it. You can find it in
 https://github.com/acatarineu/tor-browser/commit/33962 (hash).

 I know we briefly discussed having this behind the
 `--enable-proxy-bypass-protection`, but I think there *might* be chances for
 this to be upstreamed as it is now, and be useful for Firefox (it wouldn't be
 for sure if it's behind the proxy bypass flag).

 I did a couple of changes with respect to the original patch. The main one is
 that the patch I attached is checking that both `network.proxy.type = MANUAL`
 and `network.proxy.socks_remote_dns = true`, while the current patch only
 checks `network.proxy.socks_remote_dns = true`. I think this change is needed
 to avoid blocking DNS when we should not, for example in a situation where a
 user sets up a SOCKS proxy (enabling DNS through socks), and then switches
 back to 'No proxy', in `about:preferences`.

 I think the patch with these changes is safe enough for Firefox, in the sense
 that it should not result in undesired breakage. The question is whether it is
 also safe for us, in terms of proxy bypass protection. My assumption is yes,
 as the only additional change is that we also check for `network.proxy.type`,
 and we don't support changing this in Tor Browser. But I think it's a good
 idea for this to be reviewed before trying to push the patch to Firefox.

 I added this to 202005, but please feel free to re-prioritize.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33962#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
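The difference between the two conditions described in the comment above, as an added example that is not part of the original message or of the patch itself. It models both checks over prefs.js-style text; the pref names come from the ticket and 1 is Firefox's value for a manual proxy, while the function names and sample profiles are constructed, and it assumes the remote-DNS pref stays set after switching back to 'No proxy'.

```python
import re

# Firefox value of network.proxy.type for "Manual proxy configuration".
PROXY_TYPE_MANUAL = 1

# Matches lines such as: user_pref("network.proxy.type", 1);
PREF_RE = re.compile(r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} for the bool/int prefs found in prefs.js-style text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs

def original_check(prefs):
    """Condition of the #5741 patch as the ticket describes it (hypothetical helper)."""
    return prefs.get("network.proxy.socks_remote_dns") is True

def adapted_check(prefs):
    """Condition of the adapted patch: both prefs must match (hypothetical helper)."""
    return (prefs.get("network.proxy.type") == PROXY_TYPE_MANUAL
            and prefs.get("network.proxy.socks_remote_dns") is True)

# Constructed samples, not taken from a real profile.
SOCKS_ACTIVE = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_remote_dns", true);
'''
# Same profile after the switch back to 'No proxy' (assumed: remote-DNS pref left set).
BACK_TO_NO_PROXY = SOCKS_ACTIVE.replace('"network.proxy.type", 1', '"network.proxy.type", 0')

def compare(text):
    """Return (original_check, adapted_check): whether each would block native DNS."""
    prefs = parse_prefs(text)
    return original_check(prefs), adapted_check(prefs)
```

`compare(BACK_TO_NO_PROXY)` is the case the comment is concerned with: the original condition still holds although no proxy is in use, and the adapted one does not.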