[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user

To: undisclosed-recipients: ;
Subject: [tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 24 Oct 2017 01:23:53 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 23 Oct 2017 21:24:06 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23963: Tor Browser can use a Tor that's running under another user
------------------------------------------+----------------------
     Reporter:  teor                      |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 I've discovered an issue where Tor Browser fails to launch tor, but
 still connects to websites via whatever SOCKS proxy is running on port
 9150.

 I believe this issue only happens in Tor Browser 7.0 and later, because
 of the multiprocess feature. I believe it only happens on macOS, due to
 the way Tor Browser is launched to open links. But I haven't tested any
 other versions or platforms.

 I'm using Tor Browser 7.0.5 on macOS 10.12.6

 Here are the steps to reproduce:
 1. Open a copy of Tor Browser in one user account
 2. Switch to a second user account
 3. Set Tor Browser as the default browser
 4. Make sure Tor Browser is quit
 5. Open a link by right-clicking on the link text and selecting "open URL"
 (or by double-clicking a webloc file in Finder, or clicking a link in any
 rendered HTML, such as a Mail message)

 Tor Browser fails to launch tor, but opens the link in a browser window
 behind Tor launcher, and loads the link content via whatever SOCKS
 proxy is running on port 9150. (In this case, another tor instance run
 by another user.)

 This could also happen using another instance of Tor Browser run by the
 same user, but it's harder to reproduce, because links typically open
 in the instance of the default browser that's already open.

 I don't know if update checks or downloads occur over an untrusted
 SOCKSPort, but I haven't seen any update notifications appear in my
 testing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23963>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #23693 [Core Tor/Tor]: 0.3.1.7: Assertion threadpool failed in cpuworker_queue_work
Next by Author: Re: [tor-bugs] #23930 [Applications/Tor Browser]: Tor Browser 7.x for Mac crashes at startup
Previous by thread: Re: [tor-bugs] #23962 [Metrics/Onionoo]: Allow searching by bridges by version with the version parameter
Next by thread: Re: [tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user
Index(es):
- Author
- Thread