Opened 7 years ago

Closed 4 years ago

#7561 closed defect (fixed)

Contents of FTP requests are cached and not isolated to the URL bar origin

Reported by: gk
Owned by: gk
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity:
Keywords: tbb-linkability, tbb-bounty, tbb-easy, tbb-firefox-patch, ff38-esr, TorBrowserTeam201506R
Cc: arthuredelstein, mcs
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Contents of FTP requests can get cached but are currently not isolated to the URL bar origin, which contradicts the goal of section 3.5.2 of the Tor Browser design documentation. The relevant code is here: https://mxr.mozilla.org/mozilla-central/source/netwerk/protocol/ftp/nsFtpConnectionThread.cpp

There are two things to note:

1) This caching is working a bit differently than the familiar HTTP caching. E.g., there are no E-Tags and no headers involved, which makes scalable exploitation much harder (that's the only reason why I think the prio is normal), IMO.

2) Furthermore, only directory listings can get cached, not "normal" files like CSS or JS files loaded via FTP.
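
A simplified model of the problem described above, added here as an illustration and not part of the original ticket or of Firefox/Tor Browser code. It compares a listing cache keyed by URL only, one keyed by (URL bar origin, URL), and no cache at all, which is the approach the ticket settles on; the class, function names and URLs are hypothetical.

```python
# Simplified model, constructed for illustration; not Firefox or Tor Browser code.

class ListingCache:
    """Directory-listing cache under one of three keying policies."""

    def __init__(self, policy):
        if policy not in ("shared", "isolated", "disabled"):
            raise ValueError(f"unknown policy: {policy}")
        self.policy = policy
        self._store = {}

    def _key(self, first_party, url):
        # "shared": the URL alone is the key, so every first party shares one entry.
        # "isolated": the URL bar origin is part of the key.
        return url if self.policy == "shared" else (first_party, url)

    def fetch(self, first_party, url, load):
        """Return (listing, served_from_cache); load(url) stands in for the FTP fetch."""
        if self.policy == "disabled":
            return load(url), False
        key = self._key(first_party, url)
        if key in self._store:
            return self._store[key], True
        self._store[key] = load(url)
        return self._store[key], False


LISTING_URL = "ftp://files.example/pub/"  # constructed URL


def _load(url):
    return f"listing of {url}"  # stand-in for the network round trip


def cross_site_hit(policy):
    """Is a listing first loaded under site A served from cache under site B?"""
    cache = ListingCache(policy)
    cache.fetch("https://site-a.example", LISTING_URL, _load)
    return cache.fetch("https://site-b.example", LISTING_URL, _load)[1]


def same_site_hit(policy):
    """Is a listing reused on a second load under the same first party?"""
    cache = ListingCache(policy)
    cache.fetch("https://site-a.example", LISTING_URL, _load)
    return cache.fetch("https://site-a.example", LISTING_URL, _load)[1]


if __name__ == "__main__":
    for p in ("shared", "isolated", "disabled"):
        print(p, "cross-site hit:", cross_site_hit(p), "same-site hit:", same_site_hit(p))
```

Only the "shared" policy carries state from one URL bar origin to another; "isolated" keeps same-site reuse, while "disabled" gives up caching entirely.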

Attachments (1)

0001-Bug-918827-Remove-caching-for-ftp-connections.-r-mic.patch (18.4 KB) - added by gk 4 years ago.

Change History (12)

comment:1 Changed 7 years ago by gk

Summary: changed from "FTP requests are cached and not isolated to the URL bar origin" to "Contents of FTP requests are cached and not isolated to the URL bar origin"

comment:2 Changed 7 years ago by mikeperry

Keywords: tbb-bounty added

comment:3 Changed 6 years ago by mikeperry

Keywords: tbb-easy added

We could just kill the FTP directory listing cache.

comment:4 Changed 6 years ago by gk

Sounds good to me.

comment:5 Changed 5 years ago by erinn

Keywords: tbb-firefox-patch added

comment:6 Changed 5 years ago by erinn

Component: changed from Firefox Patch Issues to Tor Browser
Owner: changed from mikeperry to tbb-team

comment:7 Changed 5 years ago by gk

Keywords: ff38-esr added
Owner: changed from tbb-team to gk
Status: changed from new to assigned

Mozilla is killing the FTP caching in https://bugzilla.mozilla.org/show_bug.cgi?id=913827. It just missed ESR 38, though. Nevertheless, the patch should be easily backportable and we should simply do that, I think.

comment:8 Changed 5 years ago by arthuredelstein

Cc: arthuredelstein added

comment:9 Changed 5 years ago by mcs

Cc: mcs added

comment:10 Changed 4 years ago by gk

Keywords: TorBrowserTeam201506R added
Status: changed from assigned to needs_review

Attached is the backported fix for this bug.

comment:11 Changed 4 years ago by gk

Resolution: fixed
Status: changed from needs_review to closed

This landed on Arthur's branch and will be shipped in the next alpha. Closing.