ftp:// on Windows can be used to leak the system time zone (Tor 30800)
Categories
(Core Graveyard :: Networking: FTP, enhancement, P2)
Tracking
(firefox70 fixed)
Tracking | Status | |
---|---|---|
firefox70 | --- | fixed |
People
(Reporter: xeonchen, Assigned: xeonchen)
References
(Blocks 1 open bug)
Details
(Whiteboard: [fingerprinting][tor 30800] [necko-triaged])
Attachments
(1 file)
Tor 30800 reports that there's a potential fingerprinting issue on non-Windows platform.
When using the ftp:// protocol, directory listings contain timestamps converted to the system timezone. These timestamps can be extracted by a script on a same-origin FTP hosted HTML page, allowing detection of a user's system timezone.
Comment 1•5 years ago (Assignee)
Comment 2•5 years ago
I tested the patch and it works for me. Do we actually know why only Windows is affected?
Comment 3•5 years ago (Assignee)
(In reply to Georg Koppen from comment #2)
> I tested the patch and it works for me. Do we actually know why only Windows is affected?
Timezone info isn't specified here, so that the parsing here might have a different result, where PRTime should always use GMT and be timezone-free.
I've updated the patch, and I think it makes more sense even on other platforms.
Comment 4•5 years ago (Assignee)
FWIW, I tested by visiting ftp://ftp.freebsd.org/ and I found switching privacy.resistFingerprinting on/off doesn't affect the timezone displayed here until Firefox is restarted. But in this bug I'm trying to make the content in view-source:ftp://ftp.freebsd.org/ stable on all platforms.
Comment 5•5 years ago
(In reply to Gary Chen [:xeonchen] from comment #4)
> ... I found switching privacy.resistFingerprinting on/off doesn't affect the timezone displayed here until Firefox is restarted
Gary: FYI: see bug 1491343# comment8 re RFP flipping & TZ spoofing - maybe this needs its own bug (and tracked/linked in bug 1414162)
Comment 6•5 years ago (Assignee)
(In reply to Simon Mainey from comment #5)
> (In reply to Gary Chen [:xeonchen] from comment #4)
> > ... I found switching privacy.resistFingerprinting on/off doesn't affect the timezone displayed here until Firefox is restarted
> Gary: FYI: see bug 1491343# comment8 re RFP flipping & TZ spoofing - maybe this needs its own bug (and tracked/linked in bug 1414162)
Update on current status:
After applying this patch, macOS will always display GMT time regardless of whether privacy.resistfingerprinting is enabled or disabled. I haven't tested on Linux.
I suspect what Simon mentioned is the root cause of my current patch not working properly on mac. I didn't notice this because I was debugging with e10s disabled, which makes everything work well, including dynamically switching privacy.resistfingerprinting and reloading the ftp site.
Comment 7•5 years ago (Assignee)
(In reply to Gary Chen [:xeonchen] from comment #6)
> After applying this patch, macOS will always display GMT time regardless of whether privacy.resistfingerprinting is enabled or disabled. I haven't tested on Linux.
It turns out that PR_LocalTimeParameters returns a different value in the content process on macOS, and this is caused by the sandbox.
IMHO: directory-listing pages are browser-generated content. This kind of content (except about:blank) should just be forbidden for scripts and CSS to access.
Pushed by xeonchen@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/c4beb9353658
use FormatPRExplodedTime to display GMT; r=kershaw
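The effect discussed in this bug, as an added example (not Firefox or NSPR code): the same file mtime rendered through the C library's localtime() differs between two viewer zones, while the gmtime() rendering is identical, which is the property a regression check for the fix would assert. The function names, the POSIX TZ strings AAA-8 and BBB5, and the sample mtime are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setenv() and tzset() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Render a file mtime as one column of a directory listing.
 * tz is a POSIX TZ string standing in for the viewer's system zone
 * (note: this changes the TZ variable of the calling process).
 * use_gmt = 0: convert to the system zone (the behaviour reported here).
 * use_gmt = 1: always render in GMT, independent of the system zone. */
void render_mtime(time_t mtime, const char *tz, int use_gmt,
                  char *out, size_t len)
{
    struct tm *tm;
    setenv("TZ", tz, 1);
    tzset();
    tm = use_gmt ? gmtime(&mtime) : localtime(&mtime);
    if (tm == NULL || strftime(out, len, "%Y-%m-%d %H:%M:%S", tm) == 0)
        out[0] = '\0';            /* unrepresentable time or short buffer */
}

/* Return 1 if the rendered text differs between two viewer zones,
 * i.e. if the listing markup carries information about the zone. */
int listing_depends_on_zone(time_t mtime, int use_gmt)
{
    char a[32], b[32];
    render_mtime(mtime, "AAA-8", use_gmt, a, sizeof a); /* constructed zone, UTC+8 */
    render_mtime(mtime, "BBB5", use_gmt, b, sizeof b);  /* constructed zone, UTC-5 */
    printf("%-5s %s | %s\n", use_gmt ? "GMT" : "local", a, b);
    return strcmp(a, b) != 0;
}

int main(void)
{
    time_t mtime = 1561939200;    /* constructed: 2019-07-01 00:00:00 UTC */
    int leaky = listing_depends_on_zone(mtime, 0);
    int stable = !listing_depends_on_zone(mtime, 1);
    return (leaky && stable) ? 0 : 1;
}
```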
Comment 10•5 years ago
bugherder