Opened 7 years ago

Closed 7 years ago

#6370 closed enhancement (fixed)

Enable WebGL (as click-to-play only)

Reported by: mikeperry
Owned by: mikeperry
Priority: High
Milestone: TorBrowserBundle 2.3.x-stable
Component: Applications/Tor bundles/installation
Version:
Severity:
Keywords: MikePerry201207
Cc: ioerror, gk
Actual Points: 0.5
Parent ID:
Points: 1
Reviewer:
Sponsor:

Description

In #3323, we reviewed WebGL for API-based fingerprinting issues. The conclusion is that if we set webgl.min_capability_mode and webgl.disable-extensions, our primary API-level fingerprinting concerns are addressed.

Additionally, #6253 lists another related fingerprinting defense to rendering vectors (#6041), but so long as WebGL remains click-to-play, I think #6253 is not a blocker to enabling WebGL in a click-to-play limited sense.

However, I am still terrified by the vulnerability surface represented by WebGL on the graphics driver end. Because much of that code lives in the kernel or at least at UID 0 priv level, it will prove very difficult to actually properly sandbox. Worse, many drivers are very likely not network-hardened or designed to handle untrusted input. See also: http://www.contextis.com/resources/blog/webgl/

Hence, I think WebGL will probably have to remain a second-class click-to-play tech for the foreseeable future, even if "enabled".
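To check from the page side whether the two prefs named above actually took effect, here is an added example (not part of the ticket or of Tor Browser's own code) that audits a WebGL context: it reports any exposed extensions and any capability value above the WebGL 1.0 spec floor, since anything beyond that floor is a hardware detail a fingerprinter can read. The spec minimums and the mock context are assumptions constructed for this example; in a browser you would pass the result of `canvas.getContext("webgl")` instead.

```javascript
// Added example: audit the API-level fingerprinting surface of a WebGL context.
// Assumed baseline: WebGL 1.0 spec minimums for each parameter. Whatever
// webgl.min_capability_mode actually clamps to, a value above the spec floor
// is extra information about the GPU that a page can observe.
const SPEC_MINIMUMS = {
  MAX_TEXTURE_SIZE: 64,
  MAX_CUBE_MAP_TEXTURE_SIZE: 16,
  MAX_VERTEX_ATTRIBS: 8,
  MAX_VERTEX_UNIFORM_VECTORS: 128,
  MAX_VARYING_VECTORS: 8,
  MAX_TEXTURE_IMAGE_UNITS: 8,
  MAX_FRAGMENT_UNIFORM_VECTORS: 16,
  MAX_VERTEX_TEXTURE_IMAGE_UNITS: 0,
};

// gl: a WebGLRenderingContext (or the mock below). Returns what the page can
// learn beyond the spec floor, plus a boolean summary.
function auditWebGLSurface(gl) {
  const extensions = gl.getSupportedExtensions() || []; // empty if disable-extensions is on
  const aboveMinimum = {};
  for (const [name, min] of Object.entries(SPEC_MINIMUMS)) {
    const value = gl.getParameter(gl[name]);
    if (value > min) aboveMinimum[name] = value; // leaks hardware-specific capability
  }
  return {
    extensionCount: extensions.length,
    aboveMinimum,
    // hardened: nothing exposed beyond what every conforming implementation must offer
    hardened: extensions.length === 0 && Object.keys(aboveMinimum).length === 0,
  };
}

// Constructed mock standing in for a real context so the audit runs outside a
// browser. The enum numbers are arbitrary; they only need to be distinct keys.
function mockContext(params, extensions) {
  const gl = {};
  const table = {};
  Object.keys(SPEC_MINIMUMS).forEach((name, i) => {
    gl[name] = 0x0d33 + i;
    table[gl[name]] = params[name];
  });
  gl.getParameter = (pname) => table[pname];
  gl.getSupportedExtensions = () => extensions;
  return gl;
}
```

A context clamped to the spec floor with no extensions audits as hardened; a stock desktop context typically reports a large MAX_TEXTURE_SIZE and a long extension list.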

Child Tickets

Change History (1)

comment:1 Changed 7 years ago by mikeperry

Actual Points: 0.5
Resolution: fixed
Status: new → closed
Summary: Enable WebGL → Enable WebGL (as click-to-play only)

This is pushed to all branches of TBB. I also set both webgl.disable-extensions and webgl.min_capability_mode to true as well.
