[developerteam getadooble] [ dooble-Support Requests-3523710 ] Proxy Obedience: Disabling plugins
Brought to you by:
textfield
From: <doo...@li...> - 2012-05-21 14:33:50
|
Support Requests item #3523710, was opened at 2012-05-05 00:12 Message generated for change (Settings changed) made by textfield You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1108294&aid=3523710&group_id=238964 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None >Status: Open Priority: 5 Private: No Submitted By: perrymikey (perrymikey) Assigned to: Nobody/Anonymous (nobody) Summary: Proxy Obedience: Disabling plugins Initial Comment: Proxy Obedience Proxy obedience is assured through the following: Plugins have the ability to make arbitrary OS system calls and bypass proxy settings. This includes the ability to make UDP sockets and send arbitrary data independent of the browser proxy settings. Torbutton disables plugins by using the dooble service to mark the plugin tags as disabled. Additionally, we set plugin.disable_full_page_plugin_for_types to the list of supported mime types for all currently installed plugins. In addition, to prevent any unproxied activity by plugins at load time, we also patch the dooble source code to prevent the load of any plugins except for Flash and Gnash. Finally, even if the user alters their browser settings to re-enable the Flash plugin, we have configured NoScript to provide click-to-play placeholders, so that only desired objects will be loaded, and only after user confirmation. https://www.torproject.org/projects/torbrowser/design/#proxy-obedience ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1108294&aid=3523710&group_id=238964 |