Open Bug 1769030 Opened 1 month ago Updated 1 month ago

Add a configure flag to load policies only from the local policies.json file

Categories

(Firefox :: Enterprise Policies, enhancement)

Firefox 100
Desktop
Unspecified
enhancement

ASSIGNED

People

(Reporter: pierov, Assigned: pierov)

Details

(Whiteboard: [tor 32418])

Attachments

(2 files)

In Tor Browser, we load enterprise policies only from the local policies.json file.

We developed a patch that allows enabling this behavior using a command line flag during the configuration phase, and we would love for you to merge this patch into Firefox.

Thanks!

This would allow an employee at a company to install the Tor browser to bypass their company policies which defeats the purpose of policies.

Why doesn't the Tor browser honor system policies?

(In reply to Mike Kaply [:mkaply] from comment #1)

> This would allow an employee at a company to install the Tor browser to bypass their company policies which defeats the purpose of policies.

Yes, that is already possible, because we have already had this patch for a couple of years.

I have recently modified it to change this behavior at compile time and possibly upstream it.

> Why doesn't the Tor browser honor system policies?

Tor Browser comes with a set of preferences carefully crafted to guarantee security and privacy to our users.

We do not want to load system policies because they may compromise the defenses we build.

In many corporate environments where system policies are used, probably using or even downloading Tor Browser itself would be against said policies, with or without this patch.

  1. This looks good to me, but the comment references things that aren't in the patch (app update).

  2. Are you going to make this a phabricator patch or should I?

(In reply to Mike Kaply [:mkaply] from comment #3)

> 1. This looks good to me, but the comment references things that aren't in the patch (app update).

Oh, sorry!

I have exported our commit with the original description, but it can be changed.

> 2. Are you going to make this a phabricator patch or should I?

I have never created one, but if you have a bit of patience I can try to 🙂️

I'm curious about this change though:

Add a few disabledByPolicy() checks to the update service to
avoid extraneous (and potentially confusing) log messages when
updates are disabled by policy.

Is there something else we should take?

Here's info about using phabricator:

https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html

(In reply to Mike Kaply [:mkaply] from comment #5)

> I'm curious about this change though:
>
> Add a few disabledByPolicy() checks to the update service to
> avoid extraneous (and potentially confusing) log messages when
> updates are disabled by policy.
>
> Is there something else we should take?

This is our original issue linked to this patch.
It refers to the commit hash e577d655d2044e3b6636b0bccfbb5bd776148582.
It seems that the first reason to add it was some problems with updates. Indeed, that commit (applied on top of Firefox 68.7.0 ESR) also modified toolkit/mozapps/update/UpdateService.jsm.

That part must have been dropped with time, but for our case, disabling system policies is a good idea for a series of other reasons (e.g., to avoid having OS CAs being injected).

> Here's info about using phabricator:
>
> https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html

Thanks!

Now I see the whole story, sorry for not being more precise earlier.

We initially completely disabled enterprise policies because they did not allow us to set tor as a proxy, and made Tor Browser useless.
Indeed, before my changes, the policies were disabled with --enabled-proxy-bypass-protection, but I thought that having a more explicit flag is better, since it is not the only reason to disable them.

Then, we decided to re-enable the policies, so that users could disable updates (and possibly set any other setting that can be enabled only on policies), but only by using the JSON file.
Finally, the update part went away, but we kept supporting "local" policies in this way, but we did not update the commit description.

I have then exported the patch from git, to keep information about its original author, but I did not also clean up its description.
I will do so on the phabricator version.

Thanks again 😄️

Add a configuration flag to make Enterprise Policies mechanism only
consult a policies.json file (avoiding the Windows Registry, macOS's
file system attributes, and /etc/firefox/policies/policies.json on
other OS).

Assignee: nobody → pierov
Status: NEW → ASSIGNED
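
An added example (not code from this bug, the patch, or Firefox): an audit of the Linux JSON policy files for settings the thread is concerned about (CAs, proxy, updates). The `distribution/policies.json` location under the install directory, the function names and the sample tree are assumptions of this example; `local_only` mimics the proposed build behavior by skipping the system file.

```python
import json
import tempfile
from pathlib import Path

# Policy names from Firefox's policy templates, matching the thread's concerns.
SENSITIVE = {
    "Certificates": "can import OS root CAs or install additional CAs",
    "Proxy": "can override the browser's proxy settings",
    "DisableAppUpdate": "turns off application updates",
}

def policy_sources(install_dir, system_root="/"):
    # Linux JSON policy files; the distribution/ path is this example's assumption.
    return [("local", Path(install_dir) / "distribution" / "policies.json"),
            ("system", Path(system_root) / "etc/firefox/policies/policies.json")]

def audit(install_dir, system_root="/", local_only=False):
    """Report sensitive policies per source; local_only skips the system file."""
    findings = []
    for label, path in policy_sources(install_dir, system_root):
        if (local_only and label != "local") or not path.is_file():
            continue
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            doc = None
        policies = doc.get("policies") if isinstance(doc, dict) else None
        if not isinstance(policies, dict):
            findings.append((label, "<unreadable>", str(path)))
            continue
        findings += [(label, k, SENSITIVE[k]) for k in sorted(policies) if k in SENSITIVE]
    return findings

def demo():
    """Constructed sample tree: one local and one system policy file."""
    with tempfile.TemporaryDirectory() as root:
        install = Path(root, "opt", "browser")
        local, system = (p for _, p in policy_sources(install, root))
        samples = {local: {"DisableAppUpdate": True},
                   system: {"Certificates": {"ImportEnterpriseRoots": True},
                            "Proxy": {"Mode": "system"}}}
        for path, body in samples.items():
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps({"policies": body}), encoding="utf-8")
        return audit(install, root), audit(install, root, local_only=True)

if __name__ == "__main__":
    for result in demo():
        print(result)
```
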