Closed Bug 1769028 Opened 3 years ago Closed 3 years ago

nsProfileLock::LockWithSymlink should not perform DNS requests when the proxy bypass protection is enabled

Categories

(Toolkit :: Startup and Profile System, defect)

Product:
Toolkit
Component:
Startup and Profile System
Version:
Firefox 100
Platform:
Desktop
Unspecified
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
108 Branch
Tracking Flags:
Tracking Status
firefox108 --- fixed

People

(Reporter: pierov, Assigned: pierov)

Details

Attachments

(2 files)

This is the path for Firefox 91.9.0 ESR that we use on Tor Browser
1.91 KB, patch
Details | Diff | Splinter Review
Bug 1769028: Disable DNS lookup in nsProfileLock when the proxy bypass protection is enabled r=mossop
48 bytes, text/x-phabricator-request
Details | Review

nsProfileLock::LockWithSymlink performs a DNS lookup of the current system hostname, to get the IP address to add it to the symlink name.

We think that if proxy bypass protection is enabled, this function should always use 127.0.0.1.

Basically, the change would be putting the part of code that performs the DNS query under an #ifndef MOZ_PROXY_BYPASS_PROTECTION.

We have had a patch that just removed the DNS query in Tor Browser for many years. It was originally developed by Kathy Brade, who found it could be troublesome when the following conditions are all true:

  1. The browser profile is on a network file system.
  2. The file system does not support fcntl() locking.
  3. The browser is run from two different computers at the same time.

However, we think that honoring MOZ_PROXY_BYPASS_PROTECTION has higher precedence than preventing this scenario.

Thanks!

The severity field is not set for this bug.
:mossop, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dtownsend)
Severity: -- → S4
Flags: needinfo?(dtownsend)

Hello, I could open a phabricator request with the patch I have already attached.
Could I set you as a reviewer, in case? Otherwise, who could I set?
Thanks in advance!

Flags: needinfo?(dtownsend)

(In reply to Pier Angelo Vendrame from comment #2)

Hello, I could open a phabricator request with the patch I have already attached.
Could I set you as a reviewer, in case? Otherwise, who could I set?
Thanks in advance!

Sorry missed this somehow. Yes you can set me as reviewer.

Flags: needinfo?(dtownsend)

Instead of using the local computer's IP address within
symlink-based profile lock signatures, always use 127.0.0.1 when the
proxy bypass protection is enabled.

Assignee: nobody → pierov
Status: NEW → ASSIGNED
Pushed by dtownsend@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b8451510594b Disable DNS lookup in nsProfileLock when the proxy bypass protection is enabled r=mossop

https://hg.mozilla.org/mozilla-central/rev/b8451510594b

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox108: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 108 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: