[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23249 [Applications/Tor Browser]: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using SOCKS v5" is enabled

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #23249 [Applications/Tor Browser]: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using SOCKS v5" is enabled
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 18 Aug 2017 14:27:49 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 18 Aug 2017 10:27:58 -0400
In-reply-to: <059.611ea904feccb41030d9bfaa5a7209d6@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <059.611ea904feccb41030d9bfaa5a7209d6@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23249: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using
SOCKS v5" is enabled
--------------------------------------+---------------------------
 Reporter:  lux+tor@…                 |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:  not a bug
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------
Changes (by boklm):

 * status:  reopened => closed
 * resolution:   => not a bug


Comment:

 The hosts file on a system can contain many entries, including some that
 could cause Tor Browser to do unexpected things, or do not make any sense
 in the context of using Tor Browser.

 One of the main properties in the Tor Browser design is "State
 Separation":
 https://www.torproject.org/projects/torbrowser/design/#security

   The browser MUST NOT provide the content window with any state from any
 other browsers or any non-Tor browsing modes. This includes shared state
 from independent plugins, and shared state from operating system
 implementations of TLS and other support libraries.

 Using the hosts files to resolve host names would be against that
 property.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23249#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #23249 [- Select a component]: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using SOCKS v5" is enabled
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #23272 [- Select a component]: File group is wrong?
Next by Author: Re: [tor-bugs] #23304 [Core Tor/Tor]: prop224: Dump a malformed descriptor in a file and log_warn about it
Previous by thread: Re: [tor-bugs] #23249 [Applications/Tor Browser]: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using SOCKS v5" is enabled
Next by thread: Re: [tor-bugs] #23249 [Applications/Tor Browser]: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using SOCKS v5" is enabled
Index(es):
- Author
- Thread