
Re: [tor-talk] Firefox security bug (proxy-bypass) in current TBBs



On 5/3/12 7:26 PM, unknown wrote:
> On Wed, 2 May 2012 22:43:52 +0000
> Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> 
>> See https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
>> for the security advisory.
>>
>>
>> Robert Ransom
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> 
> Any potential DNS-leakage can be prevented with iptables (Debian GNU/Linux way):

Well, this can also be prevented if the "starter" of TBB were a
binary/executable rather than a shell script, and that binary executable
provided an "LD_PRELOAD" tsocks-like approach wrapping connect().

That way the entire TBB will run over the TBB_STARTER, which will provide
an "application-level" firewall that would prevent any kind of socket
API from getting out directly.

-naif
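
The connect() wrapper idea from the message above, as an added example that is not part of the original post or of any Tor Project code: a minimal LD_PRELOAD shim that refuses every connect() whose destination is not the local SOCKS listener. Unlike tsocks it does not redirect traffic through SOCKS, it only fails closed; the 127.0.0.1:9050 listener address and the TOR_SOCKS_PORT variable name are assumptions of this example.

```c
#define _DEFAULT_SOURCE            /* exposes syscall() in <unistd.h> */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption: the SOCKS listener is 127.0.0.1:9050 unless TOR_SOCKS_PORT
 * (a hypothetical variable name used only by this example) overrides it. */
static in_port_t socks_port(void)
{
    const char *s = getenv("TOR_SOCKS_PORT");
    long p = s ? strtol(s, NULL, 10) : 0;
    return (in_port_t)((p > 0 && p < 65536) ? p : 9050);
}

/* Policy: 1 if the destination may be reached directly, 0 otherwise. */
int destination_allowed(const struct sockaddr *sa, socklen_t len)
{
    if (sa == NULL || len < (socklen_t)sizeof(sa->sa_family))
        return 0;
    if (sa->sa_family == AF_UNIX)          /* local IPC such as X11 or D-Bus */
        return 1;
    if (sa->sa_family == AF_INET &&
        len >= (socklen_t)sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
        return in->sin_addr.s_addr == htonl(INADDR_LOOPBACK) &&
               in->sin_port == htons(socks_port());
    }
    return 0;                              /* AF_INET6 and everything else */
}

/* Replaces libc's connect() when this object is loaded via LD_PRELOAD. */
int connect(int fd, const struct sockaddr *sa, socklen_t len)
{
    if (!destination_allowed(sa, len)) {
        errno = ECONNREFUSED;              /* fail closed, like a REJECT rule */
        return -1;
    }
    /* Forward with a raw syscall so the shim needs no dlsym()/libdl. */
    return (int)syscall(SYS_connect, fd, sa, len);
}
```

Built with `gcc -shared -fPIC -o shim.so shim.c` and loaded with `LD_PRELOAD=./shim.so`, the shim only sees dynamically linked calls to connect(). Unconnected UDP sent with sendto() and code that issues system calls directly are not covered, so a packet-filter rule such as the iptables approach quoted above remains a useful second layer.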