[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.

Subject: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 30 Aug 2015 06:24:11 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 30 Aug 2015 02:24:22 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
---------------------------+----------------------------------
 Reporter:  DrMikeTwiddle  |          Owner:  tbb-team
     Type:  defect         |         Status:  new
 Priority:  critical       |      Milestone:
Component:  Tor Browser    |        Version:  Tor: unspecified
 Keywords:                 |  Actual Points:
Parent ID:                 |         Points:
---------------------------+----------------------------------
 Someone recently posted this bug:

 https://trac.torproject.org/projects/tor/ticket/16813

 Which describes what appeared to be a serious DNS leak from Tor to the
 Linux systemâs DNS management, nscd.

 But the same thing is happening on OS X with mDNSResponder.

 The following command: sudo killall -INFO mDNSResponder will dump the
 contents of the DNS cache to system.log.

 And within that I found one site that has *only* been visited via Tor
 Browser.

 Iâm not sure why it was only one after a heavy Tor session, and subsequent
 attempts to repeat this have not reproduced the problem.

 Now Iâve learned this isnât new, others have commented the same in the
 past:

 https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-
 by-default-on-mac-os-x/comment-page-1/#comment-965581

 https://maymay.net/blog/2013/02/20/howto-use-tor-for-all-network-traffic-
 by-default-on-mac-os-x/comment-page-1/#comment-995659

 I actually tested recent Tor Browser versions quite thoroughly from time
 to time with tcpdump and inspecting the dump either by grepping for IP
 addresses other than the expected entry node or inspecting in Wireshark
 and have never seen a âliveâ DNS leak from Tor yet.

 But itâs difficult to tell from the mDNSResponder dump in system.log if
 mDNSResponder is sometimes trying to look up domains visited over Tor in
 clearnet.

 The comments in the above 2 links believe that is the case and they
 recommend mDNSResponder has to be disabled before Tor use.

 The entry of the mDNSResponder dump in system log was:

 Aug 30 02:29:23 mymachine mDNSResponder[39]:  78      4252 -U-      Addr
 4 tor-only-visited-site.com Addr 123.123.123.123


 Can we get some *urgent* clarification about how Tor Browser is handling
 this ?

 Is it merely the case that the system DNS service has to have access to
 sites Tor is connecting to but isnât actually doing any DNS lookups in the
 clear but they are just (sometimes?) ending up in its cache?

 Or is it the case that if DNS look ups over Tor fail or stall they being
 passed to the system to âhave a goâ ? Can we get some answers please,
 because the information is currently extremely vague.

 Note I believe in more recent versions of OS X mDNSResponder has been
 replaced with  a service called discoveryd, but Iâm using not using these
 later versions.

 Tor Browser version is the latest 5.02 OS X

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #11678 [Ponies]: integrate stripe into the donations page
Next by Author: Re: [tor-bugs] #16813 [Tor Browser]: Tor Browser + nscd leaks Tor DNS to System Cache to System DNS Servers
Previous by thread: Re: [tor-bugs] #16925 [Tor Browser]: HTML5 video and audio are live on the page with Security Slider set to highest
Next by thread: Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
Index(es):
- Author
- Thread