Add a configure flag to load policies only from the local policies.json file
Categories
(Firefox :: Enterprise Policies, enhancement, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox105 | --- | fixed |
People
(Reporter: pierov, Assigned: pierov)
Details
(Whiteboard: [tor 32418])
Attachments
(2 files)
|
4.61 KB,
patch
|
Details | Diff | Splinter Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review |
In Tor Browser, we load enterprise policies only from the local policies.json file.
We developed a patch that allows to enable this behavior using a command line flag during the configuration phase, and we would love you to merge this patch into Firefox.
Thanks!
|
||
Comment 1•3 years ago
|
||
This would allow an employee at a company to install the Tor browser to bypass their company policies which defeats the purpose of policies.
Why doesn't the Tor browser honor system policies?
|
Assignee | |
Comment 2•3 years ago
|
||
(In reply to Mike Kaply [:mkaply] from comment #1)
This would allow an employee at a company to install the Tor browser to bypass their company policies which defeats the purpose of policies.
Yes, that is already possible, because we have already had this patch for a couple of years.
I have recently modified to change this behavior at compile time and possibly upstream it.
Why doesn't the Tor browser honor system policies?
Tor Browser comes with a set of preferences carefully crafted to guarantee security and privacy to our users.
We do not want to load system policies because they may compromise the defenses we build.
In many corporate environments where system policies are used, probably using or even downloading Tor Browser itself would be against said policies, with or without this patch.
|
|
||
Comment 3•3 years ago
|
||
-
This looks good to me, but the comment references things that aren't in the patch (app update).
-
Are you going to make this a phabricator patch or should I?
|
|
Assignee | |
Comment 4•3 years ago
|
||
(In reply to Mike Kaply [:mkaply] from comment #3)
- This looks good to me, but the comment references things that aren't in the patch (app update).
Oh, sorry!
I have exported our commit with the original description, but it can be changed.
- Are you going to make this a phabricator patch or should I?
I have never created one, but if you have a bit of patience I can try to 🙂️
|
|
||
Comment 5•3 years ago
|
||
I'm curious about this change though:
Add a few disabledByPolicy() checks to the update service to
avoid extraneous (and potentially confusing) log messages when
updates are disabled by policy.
Is there something else we should take?
Here's info about using phabricator:
https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html
|
|
Assignee | |
Comment 6•3 years ago
|
||
(In reply to Mike Kaply [:mkaply] from comment #5)
I'm curious about this change though:
Add a few disabledByPolicy() checks to the update service to
avoid extraneous (and potentially confusing) log messages when
updates are disabled by policy.Is there something else we should take?
This is our original issue linked to this patch.
It refers the commit hash e577d655d2044e3b6636b0bccfbb5bd776148582.
It seems that the first reason to add it was some problems with updates. Indeed, that commit (applied on top of Firefox 68.7.0 ESR) modified also toolkit/mozapps/update/UpdateService.jsm.
That part must have been dropped with time, but for our case, disabling system policies is a good idea for a series of other reasons (e.g., to avoid having OS CAs being injected).
Here's info about using phabricator:
https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html
Thanks!
|
|
Assignee | |
Comment 7•3 years ago
|
||
Now I see the whole story, sorry for not being more precise earlier.
We initially completely disabled enterprise policies because they did not allow us to set tor as a proxy, and made Tor Browser useless.
Indeed, before my changes, the policies were disabled with --enabled-proxy-bypass-protection, but I thought that having a more explicit flag is better, since it is not the only reason to disable them.
Then, we decided to re-enable the policies, so that users could disable updates (and possibly set any other setting that can be enabled only on policies), but only by using the JSON file.
Finally, the update part went away, but we kept supporting "local" policies in this way, but we did not update the commit description.
I have then exported the patch from git, to keep information about its original author, but I did not clean also its description.
I will do on the phabricator version.
Thanks again 😄️
|
|
Assignee | |
Comment 8•3 years ago
|
||
Add a configuration flag to make Enterprise Policies mechanism only
consult a policies.json file (avoiding the Windows Registry, macOS's
file system attributes, and /etc/firefox/policies/policies.json on
other OS).
|
||
Updated•3 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
||
Comment 9•2 years ago
|
||
Thanks for the needinfo, this was invisible to me in phabricator because it had a r+ from mkaply.
|
|
||
Updated•2 years ago
|
| Comment hidden (off-topic) |
|
|
Assignee | |
Updated•2 years ago
|
|
||
Comment 11•2 years ago
|
||
Sorry, there was a problem with the detection of inactive users. I'm reverting the change.
|
|
Assignee | |
Comment 12•2 years ago
|
||
Thanks for the reviews!
I do not have any commit access, so could any of you please land the patch?
Thanks again!
|
||
Comment 13•2 years ago
|
||
|
||
Comment 14•2 years ago
|
||
| bugherder | ||
Description
•