X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=www-client%2Ftorbrowser%2Ffiles%2F11.0%2F0007-Block-all-plugins-except-flash.patch;fp=www-client%2Ftorbrowser%2Ffiles%2F11.0%2F0007-Block-all-plugins-except-flash.patch;h=b850f62a07741f4bfb9a5cc28db914a575eb87dc;hb=a4153e297b584abb4d950fa3bcceda4029cf6e83;hp=0000000000000000000000000000000000000000;hpb=29554343a4cf15cbf54badafb3d9c59f4bfcdce8;p=~andy%2Fsunrise diff --git a/www-client/torbrowser/files/11.0/0007-Block-all-plugins-except-flash.patch b/www-client/torbrowser/files/11.0/0007-Block-all-plugins-except-flash.patch new file mode 100644 index 000000000..b850f62a0 --- /dev/null +++ b/www-client/torbrowser/files/11.0/0007-Block-all-plugins-except-flash.patch @@ -0,0 +1,85 @@ +From 10873c626d038b520853539d45a170919d6d0361 Mon Sep 17 00:00:00 2001 +From: Mike Perry +Date: Wed, 1 Feb 2012 15:50:15 -0800 +Subject: [PATCH 07/13] Block all plugins except flash. + +We cannot use the @mozilla.org/extensions/blocklist;1 service, because we +actually want to stop plugins from ever entering the browser's process space +and/or executing code (for example, AV plugins that collect statistics/analyse +urls, magical toolbars that phone home or "help" the user, skype buttons that +ruin our day, and censorship filters). Hence we rolled our own. + +See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings +on a better way. Until then, it is delta-darwinism for us. +--- + dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++++ + dom/plugins/base/nsPluginHost.h | 2 ++ + 2 files changed, 35 insertions(+), 0 deletions(-) + +diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp +index 7fe18b2..d76c4ca 100644 +--- a/dom/plugins/base/nsPluginHost.cpp ++++ b/dom/plugins/base/nsPluginHost.cpp +@@ -1982,6 +1982,35 @@ bool nsPluginHost::IsDuplicatePlugin(nsPluginTag * aPluginTag) + return false; + } + ++PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile) ++{ ++ nsCString leaf; ++ const char *leafStr; ++ nsresult rv; ++ ++ rv = pluginFile->GetNativeLeafName(leaf); ++ if (NS_FAILED(rv)) { ++ return PR_TRUE; // fuck 'em. blacklist. ++ } ++ ++ leafStr = leaf.get(); ++ ++ if (!leafStr) { ++ return PR_TRUE; // fuck 'em. blacklist. ++ } ++ ++ // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin, ++ // NPSWF32.dll, NPSWF64.dll ++ if (strstr(leafStr, "libgnashplugin") == leafStr || ++ strstr(leafStr, "libflashplayer") == leafStr || ++ strstr(leafStr, "Flash Player") == leafStr || ++ strstr(leafStr, "NPSWF") == leafStr) { ++ return PR_FALSE; ++ } ++ ++ return PR_TRUE; // fuck 'em. blacklist. ++} ++ + typedef NS_NPAPIPLUGIN_CALLBACK(char *, NP_GETMIMEDESCRIPTION)(void); + + nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, +@@ -2103,6 +2132,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir, + continue; + } + ++ if (GhettoBlacklist(localfile)) { ++ continue; ++ } ++ + // if it is not found in cache info list or has been changed, create a new one + if (!pluginTag) { + nsPluginFile pluginFile(localfile); +diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h +index 5630b8d..f54bd32 100644 +--- a/dom/plugins/base/nsPluginHost.h ++++ b/dom/plugins/base/nsPluginHost.h +@@ -285,6 +285,8 @@ private: + // Loads all cached plugins info into mCachedPlugins + nsresult ReadPluginInfo(); + ++ PRBool GhettoBlacklist(nsIFile *pluginFile); ++ + // Given a file path, returns the plugins info from our cache + // and removes it from the cache. + void RemoveCachedPluginsInfo(const char *filePath, +-- +1.7.5.4 +