[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows/macOS UI dialog with URI

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows/macOS UI dialog with URI
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 01 Jul 2019 09:26:01 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 01 Jul 2019 05:26:12 -0400
In-reply-to: <046.9d93d37b3486936642d87f6ea4fffb2f@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.9d93d37b3486936642d87f6ea4fffb2f@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18101: IP leak from Windows/macOS UI dialog with URI
-------------------------------------------------+-------------------------
 Reporter:  uileak                               |          Owner:
                                                 |  arthuredelstein
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:  tbb-disk-leak, tbb-proxy-bypass,     |  Actual Points:
  TorBrowserTeam201906R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:88 mcs]:
 > Replying to [comment:84 gk]:
 > > Okay, let's get this on our radar again to squash this bug finally.
 `bug_18101` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/commit/?h=bug_18101) in my `tor-browser` repo has the patch
 ideas Arthur and a cypherpunk/ericlaw came up with for (re)-review.
 > >
 > > mcs/brade: could you take the macOS part?
 >
 > It is unclear how to produce an IP address leak on macOS 10.9 or newer.
 As teor mentioned in comment:9, Apple seems to have removed features years
 ago that allowed URLs to be entered in the file open and file save panels.
 At least, Kathy and I do not know how to do so.

 If we are sure those features got removed in 10.9 (and later) and/or you
 don't see any leaks in Wireshark on 10.9 (and later), then let's declare
 victory and just omit the patch Arthur wrote?

 > Looking at the patch, it is also unclear what effect the `[NSOpenPanel
 setCanDownloadUbiquitousContents:NO]` call has (the documentation does
 makes it sound like setting it to `NO` is a good idea).
 >
 > In any case, that API requires macOS 10.10 or newer (as documented here
 https://developer.apple.com/documentation/appkit/nsopenpanel/1533418-candownloadubiquitouscontents?language=objc).
 To make sure, we tested a patched Tor Browser on a macOS 10.9.5 system,
 and indeed an exception was thrown which prevents the file open dialog
 from opening:
 >  ... firefox[...] -[NSOpenPanel setCanDownloadUbiquitousContents:]:
 unrecognized selector sent to instance 0x10bbc5270
 >  ... firefox[...] Mozilla has caught an Obj-C exception
 [NSInvalidArgumentException: -[NSOpenPanel
 setCanDownloadUbiquitousContents:]: unrecognized selector sent to instance
 0x10bbc5270]
 >
 > We would need to add a runtime check to make sure that API is available.
 If we do use `setCanDownloadUbiquitousContents`, we may also want to add a
 similar call inside `nsFilePicker::GetLocalFolder()` (also in
 `widget/cocoa/nsFilePicker.mm`).

 Fair enough. But let's actually double-check whether we still need to do
 that patching (Arthur at least seemed under the impression there would be
 work we needed to do given that `setCanDownloadUbiquitousContents` was not
 set to `NO`).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18101#comment:89>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5304 [Circumvention/Obfs4]: Obfsproxy should respect OutboundBindAddress in torrc
Next by Author: Re: [tor-bugs] #31075 [Applications/Tor Browser]: Consider dropping browser patch for 26353
Previous by thread: Re: [tor-bugs] #31010 [Applications/Tor Browser]: Rebase Tor Browser mobile/ patches for Firefox ESR 68
Next by thread: Re: [tor-bugs] #30849 [Applications/Tor Browser]: Backport fixes for bug 1552627 and 1549833
Index(es):
- Author
- Thread