From b688d34e42ee5607e25254c2b552275e28ba17cc Mon Sep 17 00:00:00 2001
From: Mike Perry
Date: Tue, 4 Dec 2012 16:03:13 -0800
Subject: [PATCH] Bug 3547: Block all plugins except flash.

We cannot use the @mozilla.org/extensions/blocklist;1 service, because we actually want to stop plugins from ever entering the browser's process space and/or executing code (for example, AV plugins that collect statistics/analyse urls, magical toolbars that phone home or "help" the user, skype buttons that ruin our day, and censorship filters). Hence we rolled our own. See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings on a better way. Until then, it is delta-darwinism for us.
---
 dom/plugins/base/nsPluginHost.cpp | 33 +++++++++++++++++++++++++++++++
 dom/plugins/base/nsPluginHost.h | 2 ++
 2 files changed, 35 insertions(+)

diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
index 6ee23f38bc4da..83363764b642a 100644
--- a/dom/plugins/base/nsPluginHost.cpp
+++ b/dom/plugins/base/nsPluginHost.cpp
@@ -2057,6 +2057,35 @@ nsPluginHost::ShouldAddPlugin(nsPluginTag* aPluginTag)
 #endif // defined(XP_WIN) && (defined(__x86_64__) || defined(_M_X64))
 }
 
+PRBool nsPluginHost::GhettoBlacklist(nsIFile *pluginFile)
+{
+ nsCString leaf;
+ const char *leafStr;
+ nsresult rv;
+
+ rv = pluginFile->GetNativeLeafName(leaf);
+ if (NS_FAILED(rv)) {
+ return PR_TRUE; // fuck 'em. blacklist.
+ }
+
+ leafStr = leaf.get();
+
+ if (!leafStr) {
+ return PR_TRUE; // fuck 'em. blacklist.
+ }
+
+ // libgnashplugin.so, libflashplayer.so, Flash Player-10.4-10.5.plugin,
+ // NPSWF32.dll, NPSWF64.dll
+ if (strstr(leafStr, "libgnashplugin") == leafStr ||
+ strstr(leafStr, "libflashplayer") == leafStr ||
+ strstr(leafStr, "Flash Player") == leafStr ||
+ strstr(leafStr, "NPSWF") == leafStr) {
+ return PR_FALSE;
+ }
+
+ return PR_TRUE; // fuck 'em. blacklist.
+}
+
 void
 nsPluginHost::AddPluginTag(nsPluginTag* aPluginTag)
 {
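Review bot: GhettoBlacklist identifies Flash by leaf-name prefix alone, so every file in a scanned plugin directory whose name begins with `libgnashplugin`, `libflashplayer`, `Flash Player` or `NPSWF` is accepted; the check filters by name and says nothing about what the file actually is. That matches the commit message's goal of keeping out plugins that other software drops into the plugin directories, but the limit should be written down above the definition, e.g. `// Returns PR_TRUE when the file must be skipped. Name-prefix allow-list only; does not verify that the file is really Flash.` The `strstr(leafStr, "NPSWF") == leafStr` form also scans the whole name just to test a prefix; `StringBeginsWith(leaf, NS_LITERAL_CSTRING("NPSWF"))` states the intent directly and would make the `leafStr` null check unnecessary. The comparison is case-sensitive, so a differently cased Flash file name is rejected, which fails closed but deserves a word in the same comment.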
@@ -2203,6 +2232,10 @@ nsresult nsPluginHost::ScanPluginsDirectory(nsIFile *pluginsDir,
 continue;
 }
 
+ if (GhettoBlacklist(localfile)) {
+ continue;
+ }
+
 // if it is not found in cache info list or has been changed, create a new one
 if (!pluginTag) {
 nsPluginFile pluginFile(localfile);
diff --git a/dom/plugins/base/nsPluginHost.h b/dom/plugins/base/nsPluginHost.h
index 27e90c991fdb7..e0c57bff4a0fa 100644
--- a/dom/plugins/base/nsPluginHost.h
+++ b/dom/plugins/base/nsPluginHost.h
@@ -338,6 +338,8 @@ private:
 // Loads all cached plugins info into mCachedPlugins
 nsresult ReadPluginInfo();
 
+ PRBool GhettoBlacklist(nsIFile *pluginFile);
+
 // Given a file path, returns the plugins info from our cache
 // and removes it from the cache.
 void RemoveCachedPluginsInfo(const char *filePath,
-- GitLab
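Review bot: The new `if (GhettoBlacklist(localfile))` check in ScanPluginsDirectory carries no comment explaining that its position matters. It sits just before `nsPluginFile pluginFile(localfile);`, which appears to be what keeps a rejected file from being opened at all, the property the commit message asks for. A later reorder could silently lose that, so I would add `// Must stay ahead of the nsPluginFile construction below: rejected files are never opened (Bug 3547).` above the check. The loop body starts and ends outside the hunk, so I cannot see whether the file is already looked up in the plugin cache before this point, or whether any other path creates plugin tags without passing through here; both are worth confirming. The skip is also silent, so a log line at the file's usual plugin-logging level would help explain why a plugin is missing.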