Closed Bug 1551355 Opened 6 years ago Closed 6 years ago

Migrate profiler timestamps to TimeStamp::NowUnfuzzed()

Categories

(Core :: Gecko Profiler, enhancement, P3)

Product:
Core
Component:
Gecko Profiler
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla69
Tracking Flags:
Tracking Status
firefox68 --- wontfix
firefox69 --- fixed

People

(Reporter: denispal, Assigned: denispal)

Details

Attachments

(1 file)

Use TimeStamp::NowUnfuzzed() instead of TimeStamp::Now() during gecko profiling
47 bytes, text/x-phabricator-request
Details | Review

To avoid any surprises when FuzzyFox is enabled, we should migrate over to use NowUnfuzzed() instead of Now().

Thank you Denis for opening this bug.

Since we record these soon-to-be-unfuzzed times in some markers that are exposed in profiles, should we add an option to re-fuzz timers when sharing profiles?
(Like we already offer options to remove URLs, screenshots, etc., to protect privacy -- Click on "Publish..." button at top-right of just-captured profiles.)

The profiler will requrie non-fuzzed timers for accuracy. Making the switch early will avoid surprises when FuzzyFox is enabled.

(In reply to Gerald Squelart [:gerald] from comment #1)

Thank you Denis for opening this bug.

Since we record these soon-to-be-unfuzzed times in some markers that are exposed in profiles, should we add an option to re-fuzz timers when sharing profiles?
(Like we already offer options to remove URLs, screenshots, etc., to protect privacy -- Click on "Publish..." button at top-right of just-captured profiles.)

That's an interesting question! I think if we re-fuzz the timestamps then the uploaded profiles may become much less valuable and even potentially useless in many cases?

I think that with fuzzing timestamps the main threat we want to protect our users about is the timing attacks running in the browser. I don't think that fuzzing when sharing would help this, and I can't think of another thread scenario where this would help. What do you think?

I agree, the attack scenario which fuzzing helps with is not relevant for profile sharing. Timestamps are fuzzed in order to avoid leaking data about origin B to a website of origin A. If the owner of origin A can coerce the victim into capturing a profile and sharing it with them, all bets are off anyway because profiles already contain lots of data about things happening on other origins.

Pushed by dpalmeiro@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/61b74216fec0 Use TimeStamp::NowUnfuzzed() instead of TimeStamp::Now() during gecko profiling r=mstange

https://hg.mozilla.org/mozilla-central/rev/61b74216fec0

Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox69: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: