[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.

Subject: Re: [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 31 May 2016 15:10:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 31 May 2016 11:10:16 -0400
In-reply-to: <047.9a664d3f8824c92414d8296cc0edc13b@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.9a664d3f8824c92414d8296cc0edc13b@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#19206: SOCKS isolation should include a process identifier.
--------------------------------------+--------------------------
 Reporter:  yawning                   |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by yawning):

 Replying to [comment:2 arthuredelstein]:
 > Another possible option would be to use a random string per first-party
 domain (such as a random UUID for the password). That would mean we don't
 have to obtain the PID.

 This would work as well, obtaining enough randomness to ensure collisions
 are unlikely is dirt cheap, and I assume changing the new circuit for site
 behavior to simply re-randomize is easy enough.

 Is there any advantage to this behavior being configurable (beyond
 https://xkcd.com/1172/)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19206#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #19210 [Applications/Tor Browser]: NoScript places WebM videos too late behind click-to-play in higher security levels
Next by Author: Re: [tor-bugs] #16873 [Metrics/metrics-lib]: add javadoc to metrics-lib
Previous by thread: Re: [tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.
Next by thread: [tor-bugs] #19207 [- Select a component]: Received http status code 504
Index(es):
- Author
- Thread