Closed Bug 1432905 Opened 7 years ago Closed 7 years ago

Add pref to prevent localhost DNS lookup in nsProfileLock.cpp

Categories

(Toolkit :: Startup and Profile System, enhancement)

Product:
Toolkit
Component:
Startup and Profile System
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1448783

People

(Reporter: arthur, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [tor 18800])

Attachments

(1 file)

0001-Bug-1432905-Stop-localhost-DNS-lookup-with-enable-pr.patch
2.17 KB, patch
Details | Diff | Splinter Review
For Tor Browser, we patch nsProfileLock.cpp to prevent bypass of the Tor proxy. Here's the patch: https://torpat.ch/18800 And the original ticket: https://trac.torproject.org/18800 We'd like to propose uplifting this patch, behind a pref.
Blocks: ProxyBypass, meta_tor
Here's a patch for review, using the --enable-proxy-bypass-protection flag we recently added.
Attachment #8948851 - Flags: review?(robert.strong.bugs)
Component: General → Startup and Profile System
Product: Core → Toolkit
Comment on attachment 8948851 [details] [diff] [review] 0001-Bug-1432905-Stop-localhost-DNS-lookup-with-enable-pr.patch I'm not the best person to review this so I changed the review to someone that I think is.
Attachment #8948851 - Flags: review?(robert.strong.bugs) → review?(mh+mozilla)
Comment on attachment 8948851 [details] [diff] [review] 0001-Bug-1432905-Stop-localhost-DNS-lookup-with-enable-pr.patch Review of attachment 8948851 [details] [diff] [review]: ----------------------------------------------------------------- Why do you care about this DNS lookup? First and foremost, on most systems, I expect this actually doesn't lead to an actual DNS lookup. Second, this is entirely unrelated to browsing.
Attachment #8948851 - Flags: review?(mh+mozilla)
My understanding is this patch is a defense in depth, to make sure Tor Browser never bypasses the proxy. Adding mcs and brade in case they have any further comment on this.
(In reply to Arthur Edelstein (Tor Browser dev) [:arthuredelstein] from comment #4) > My understanding is this patch is a defense in depth, to make sure Tor > Browser never bypasses the proxy. Adding mcs and brade in case they have any > further comment on this. "Defense in depth" is my understanding as well.
Mike, what's your view? Is this a patch you would accept for the reason given? Thanks.
Flags: needinfo?(mh+mozilla)
I'm afraid "defense in depth" as an answer to comment 3 is incomplete and hand-wavy. It seems to me this is only a change for the sake of it.
Flags: needinfo?(mh+mozilla)
I don't think we should add a preference for this, but there is value in always avoiding the native lookup to improve startup performance. Even if this bug is not an exact duplicate, we should consolidate these efforts in bug 1448783.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: