Opened 9 years ago

Closed 8 years ago

Last modified 18 months ago

#2025 closed defect (invalid)

1.3.x: Non-tor cookies not protected

Reported by: downie Owned by: mikeperry
Priority: Immediate Milestone: Torbutton: 1.3
Component: Applications/Torbutton Version: Torbutton: 1.3.0-alpha
Severity: Normal Keywords: TorbuttonIteration20110305 MikePerryIteration20110305
Cc: Actual Points: 1
Parent ID: Points: 1
Reviewer: Sponsor:

Description

Despite 'Store Non-Tor Cookies in a protected jar' being enabled, non-Tor cookies are wiped on Tor-enable.
Is there an interaction with 'Do not write Non-Tor cookies to disk'?
OSX PPC FF2.
Related to https://trac.torproject.org/projects/tor/ticket/2011 ??
which stopped experimentation with enabling/disabling 'Do not write Non-Tor cookies to disk'.

Child Tickets

Attachments (1)

torbutton-1.3.2pre-alpha2.xpi (469.7 KB) - added by mikeperry 8 years ago.
Fix for #2491. May fix this bug too?

Download all attachments as: .zip

Change History (15)

comment:1 in reply to:  description Changed 9 years ago by rransom

Replying to downie:

Despite 'Store Non-Tor Cookies in a protected jar' being enabled, non-Tor cookies are wiped on Tor-enable.
Is there an interaction with 'Do not write Non-Tor cookies to disk'?
OSX PPC FF2.
Related to https://trac.torproject.org/projects/tor/ticket/2011 ??
which stopped experimentation with enabling/disabling 'Do not write Non-Tor cookies to disk'.

It's not related. (Also, you can link to a bug number in Trac by typing it as #2011 (which displays as #2011).)

If you're willing to unpack a tarball and move files around manually to test this, download:
https://gitweb.torproject.org/torbutton.git/snapshot/bc661c80d1e835d12330138505c1af246baac658.tar.gz

and copy the contents of the resulting src/ directory into extensions/{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}/ in your Firefox profile directory. (Your Firefox profile directory has a name that looks like gibberish.default.)

(That snapshot is of the commit right before #2011 was introduced, and is after the new cookie-management features were added.)

comment:2 Changed 8 years ago by mikeperry

Priority: normalmajor

comment:3 Changed 8 years ago by mikeperry

Owner: changed from mikeperry to koryk
Status: newassigned
Summary: Non-tor cookies not protected1.3.x: Non-tor cookies not protected

comment:4 Changed 8 years ago by mikeperry

Priority: majorcritical

comment:5 Changed 8 years ago by mikeperry

Hrmm FF2? Can anyone reproduce this on FF3? We are dropping support for FF2...

comment:6 Changed 8 years ago by mikeperry

(This does not happen for me on FF3, FWIW).

comment:7 Changed 8 years ago by mikeperry

Points: ?

Changed 8 years ago by mikeperry

Fix for #2491. May fix this bug too?

comment:8 Changed 8 years ago by mikeperry

Owner: changed from koryk to mikeperry
Status: assignedaccepted

I attached an xpi at https://trac.torproject.org/projects/tor/raw-attachment/ticket/2025/torbutton-1.3.2pre-alpha2.xpi that fixes bug #2491 for me. Bug #2491 was due to some bad logic in syncing cookies during toggle, which may cause this bug.

Can you test real quick if this fixes this issue for you on FF4?

comment:9 Changed 8 years ago by mikeperry

Points: ?1

I am going to try once more to reproduce this on FF3 and FF4, and if I cannot do so, I'm going to close this bug.

comment:10 Changed 8 years ago by mikeperry

Keywords: TorbuttonIteration20110305 added; cookie removed
Priority: criticalblocker

comment:11 Changed 8 years ago by mikeperry

Keywords: MikePerryIteration20110305 added

comment:12 Changed 8 years ago by mikeperry

Keywords: TorbuttonIteration20110305, MikePerryIteration20110305TorbuttonIteration20110305 MikePerryIteration20110305

comment:13 Changed 8 years ago by mikeperry

Actual Points: 1
Resolution: invalid
Status: acceptedclosed

Ok, I can't reproduce this on 3.x or 4.0. Closing.

comment:14 Changed 18 months ago by teor

Severity: Normal

Set all tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.