[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Firefox security bug (proxy-bypass) in current TBBs

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Firefox security bug (proxy-bypass) in current TBBs
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Fri, 04 May 2012 07:27:35 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 04 May 2012 01:27:53 -0400
In-reply-to: <20120503172739.0717623FC1@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CABqy+soUVc5VLT-c+N8cNr0k+V4-XjgTVXruMLcLDtmA_ngT4A@xxxxxxxxxxxxxx> <20120503172739.0717623FC1@xxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

On 5/3/12 7:26 PM, unknown wrote:
> On Wed, 2 May 2012 22:43:52 +0000
> Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> 
>> See https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
>> for the security advisory.
>>
>>
>> Robert Ransom
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> 
> Any potential DNS-leakage can be prevented with iptables (Debian GNU/Linux way):

Well, this can also be prevented if the "starter" of TBB would be a
binary/executable rather than a shell script, and that binary executable
would provide "LD_PRELOAD" tsocks like approach wrapping the connect().

That way the entire TBB will run over the TBB_STARTER that will provide
an "application-level" firewall that would prevent any kind of socket
API to get-out directly.

-naif
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Firefox security bug (proxy-bypass) in current TBBs
  - From: unknown

References:
- [tor-talk] Firefox security bug (proxy-bypass) in current TBBs
  - From: Robert Ransom
- Re: [tor-talk] Firefox security bug (proxy-bypass) in current TBBs
  - From: unknown

Prev by Author: Re: [tor-talk] google analytics says it can track across separate domains
Next by Author: Re: [tor-talk] "*.onion" performance tru "onion.to"
Previous by thread: Re: [tor-talk] testing TBBs
Next by thread: Re: [tor-talk] Firefox security bug (proxy-bypass) in current TBBs
Index(es):
- Author
- Thread