Site adds itself to the permanent whitelist
Posted: Thu Sep 21, 2017 1:14 pm
by lancelot
Temporarily allow this address:
Then open this page:
```
http://www.filecrypt.cc/helper.html?1505986612020
```
This gets added as a permanently allowed address:
Is this supposed to happen?
Re: Site adds itself to the permanent whitelist
Posted: Thu Sep 21, 2017 4:04 pm
by barbaz
Yes. You already allowed all of filecrypt.cc. NoScript is just making sure the specific full address is allowed.
Re: Site adds itself to the permanent whitelist
Posted: Thu Sep 21, 2017 10:23 pm
by lancelot
> barbaz wrote: Yes. You already allowed all of filecrypt.cc. NoScript is just making sure the specific full address is allowed.
I allowed filecrypt temporarily. After the two actions described in my post, I see a new site whitelisted permanently. You know, showing in the Whitelist tab in a regular font and not in italics. "Revoke temporary permissions" does not remove that new entry.
Re: Site adds itself to the permanent whitelist
Posted: Fri Sep 22, 2017 1:34 am
by barbaz
Sorry, I missed that. No, that is not supposed to happen. The added permission is supposed to be temporary.
And indeed, I checked the site, and the added permission is temporary on my end.
One other thing while I'm here. That site sets off a lot of alarm bells. Here's one of them -
```
$ dig cnl.filecrypt.cc
; <<>> DiG 9.10.3-P4-Ubuntu <<>> cnl.filecrypt.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16857
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cnl.filecrypt.cc. IN A
;; ANSWER SECTION:
cnl.filecrypt.cc. 1711 IN A 127.0.0.1
;; Query time: 12 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: xxxxxxxxxxxxxxxxxxxxxxxxxxx
;; MSG SIZE rcvd: 50
```
What the ****? That's like a total stranger creeping through your window at night and getting in bed with you while you're asleep. Is something good about to happen to you in that situation?
Personally, I suggest running away. Fast.
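The dig output in the post above shows a public hostname whose A record is 127.0.0.1. As an added example (not part of the original thread), here is one way to flag such answers in saved dig output. The function names and the second sample record are constructed for illustration.

```python
import ipaddress
import re

# A/AAAA answer line as printed by dig: name, TTL, class, type, address.
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA)\s+(\S+)\s*$")


def classify(address):
    """Label address space a public name should not resolve to, else None."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return None


def suspicious_answers(dig_output):
    """Return (name, address, label) for answers pointing at local address space."""
    findings = []
    for line in dig_output.splitlines():
        # Header, comment and question lines start with ';' and never match.
        m = ANSWER_RE.match(line.strip())
        if not m:
            continue
        name, addr = m.group(1), m.group(4)
        try:
            label = classify(addr)
        except ValueError:
            continue  # not a parseable IP address
        if label:
            findings.append((name.rstrip("."), addr, label))
    return findings


# Sample input: the first answer line is the one from the post above; the
# second record (example.test -> 93.184.216.34) is constructed for contrast.
SAMPLE = """\
;; QUESTION SECTION:
;cnl.filecrypt.cc. IN A
;; ANSWER SECTION:
cnl.filecrypt.cc. 1711 IN A 127.0.0.1
example.test. 300 IN A 93.184.216.34
"""
```

Calling `suspicious_answers(SAMPLE)` reports only the loopback record; the publicly routable one is ignored.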
Re: Site adds itself to the permanent whitelist
Posted: Fri Sep 22, 2017 1:41 pm
by therube
> I see a new site whitelisted permanently

Cannot confirm here either.
Are you using Private Browsing?

> That's like a total stranger creeping through your window at night and getting in bed with you while you're asleep.

Just what is it that they are doing there?
Re: Site adds itself to the permanent whitelist
Posted: Fri Sep 22, 2017 5:18 pm
by barbaz
> therube wrote: Just what is it that they are doing there?

They are tricking your browser into treating your computer as first-party to their site.
Similar use of DNS has been discussed before -
https://forums.informaction.com/viewtop ... 841#p75841
Re: Site adds itself to the permanent whitelist
Posted: Sun Sep 24, 2017 8:03 pm
by lancelot
> therube wrote:
>> I see a new site whitelisted permanently
>
> Cannot confirm here either.
> Are you using Private Browsing?
No, I have history enabled in Firefox and I'm not opening those links in a private window.
I tried opening the same links in Tor Browser (with NoScript updated to 5.0.10 and with scripts forbidden globally), and I'm seeing exactly the same behavior: I get a new whitelist entry that doesn't disappear when I restart Tor Browser.
Re: Site adds itself to the permanent whitelist
Posted: Sun Sep 24, 2017 8:29 pm
by therube
As a test, create a new, clean Profile.
Install only NoScript. Make no changes.
Open your site.
Temporarily Allow it.
Check NoScript's Whitelist.
Do the two .cc's show as Temporary or Permanent?
Restart FF & check again.
Re: Site adds itself to the permanent whitelist
Posted: Tue Sep 26, 2017 8:47 pm
by lancelot
Right, I found the relevant NoScript setting:
if I have "Cascade top document's permissions to 3rd party scripts" checked, everything's fine;
if I have it unchecked, I get the issue with the new permanent permission sneaking in. It's placed in the [System+Principal] section.
Re: Site adds itself to the permanent whitelist
Posted: Tue Sep 26, 2017 9:38 pm
by barbaz
Well this is weird. I don't see any problem on the linked site, but I can reproduce the bug using my local server. And I get other, very odd, possibly related behavior as well.
Firefox 55.0.3
NoScript 5.0.10rc4
new profile
STR:
1) set a server to listen on ports 80 and 8443, and put up these files -
port-test.html
```html
<!doctype html>
<body>
<script src="http://THE_SERVER:8443/noise.js"></script>
<script src="noise.js"></script>
<noscript>JavaScript Is Not Enabled</noscript>
</body>
```
noise.js
```js
var d = document.createElement('div');
d.textContent = document.currentScript.src + ' ran';
document.body.appendChild(d);
delete d;
```
Replace THE_SERVER with the actual domain, e.g. localfoo.test or whatever
2) visit http://THE_SERVER/port-test.html
3) Temporarily allow THE_SERVER
Expected results: In NoScript Options > Whitelist, there should be a temporary permission for 'http://THE_SERVER:8443', and the page should say -
```
http://THE_SERVER:8443/noise.js ran
http://THE_SERVER/noise.js ran
```
Actual results: There is a PERMANENT permission for 'http://THE_SERVER:8443', and the page says only -
```
http://THE_SERVER:8443/noise.js ran
```
Reloading the page gives "JavaScript Is Not Enabled".
Forbid THE_SERVER, let the page reload, then Temporarily allow it again, let the page reload, and only then does it display as expected.