Closed Bug 820658 Opened 13 years ago Closed 12 years ago

Private Browsing leaks history in SQLite's Write-Ahead Log for tabs.db

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Firefox 20

People

(Reporter: st3fan, Assigned: mfinkle)

References

Details

Attachments

(1 file)

patch
1.24 KB, patch
bnicholson
: review+
Details | Diff | Splinter Review
Private Browsing leaks history in the tabs.db-wal file. This file is the SQLite "Write-Ahead Log" and is described at http://www.sqlite.org/draft/wal.html The leak happens when you have private browsing tabs open and browse to different sites. While you browse the tabs.db is updated. Since it replaces the record for tab in a transaction, the value is also written to the Write-Ahead Log. The WAL seems to be growing in size and is cleaned up periodically. But with enough luck you can find a good number of URLs of previously visited sites from private browsing sessions. I was able to do this with the following command: strings tabs.db-wal | strings | grep http
We should look into how we are saving data into tabs.db and make sure we apply the same PB rules as for history. I also think this borders on "takes a lot of effort to see the leaked data" and I might be OK to ignore it, if we can't easily fix the problem.
We should definitely fix this. Most of the data that we prevent to get saved to disk fits the "takes a lot of effort to see the leaked data" category...
My interpretation of the -wal file was wrong. I thought it was a temporary file but instead it contains uncommitted records that WILL be part of the actual tabs.db when SQLite runs a checkpoint. For example I currently have five tabs open in Firefox: about:home Hacker News (PRIVATE) Add-ons Copy Profile :: Add-ons for Android New RA Flood Attack (PRIVATE) When I use sqlite to look at the tabs.db file I see this: sqlite> select _id,url from tabs; 40|about:home 41|http://news.ycombinator.com/ 42|about:addons 43|https://addons.mozilla.org/en-US/android/addon/copy-profile/?src=search 44|about:reader?url=http%3A%2F%2Fsamsclass.info%2Fipv6%2Fproj%2FRA_flood2.htm%231&readingList=0&tabId=10 So this means that these private tabs are not just in a temporary file. They are actually persisted in the real tabs.db.
Yep. That tabs.db is used to allow Sync to replicate tabs from mobile to desktop. We should not store private tabs in the tabs.db.
Attached patch patchSplinter Review
I only found one place where we add tabs to the tabs.db and that is here: http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/Tabs.java#411 That code eventually leads here: http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/TabsAccessor.java#186 This patch adds a tab.isPrivate() check here: http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/TabsAccessor.java#195 That will skip private tabs when saving to the DB
Assignee: nobody → mark.finkle
Attachment #692427 - Flags: review?(bnicholson)
Attachment #692427 - Flags: review?(bnicholson) → review+
https://hg.mozilla.org/mozilla-central/rev/1fb70af2d687
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 20
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: