[tbb-bugs] #17208 [Tor Browser]: New reported disk leaks in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 2 15:32:08 UTC 2015


#17208: New reported disk leaks in Tor Browser
---------------------------------+---------------------------
     Reporter:  arthuredelstein  |      Owner:  tbb-team
         Type:  defect           |     Status:  new
     Priority:  normal           |  Milestone:
    Component:  Tor Browser      |    Version:
   Resolution:                   |   Keywords:  tbb-disk-leak
Actual Points:                   |  Parent ID:
       Points:                   |    Sponsor:
---------------------------------+---------------------------

Comment (by teor):

 Replying to [comment:2 arthuredelstein]:
 > Replying to [comment:1 teor]:
 > > Also see #17188, if we do randomise this, we should randomly
 *subtract* some time from the times written in the file.
 >
 > Unfortunately, in the case given in the presentation above, we would
 perhaps need to subtract hours or days to sufficiently protect the user.
 How much time could be subtracted before we lose the benefits of
 LastWritten?
 >
 > Is there any alternative way for tor to detect clock changes without
 storing the last usage on disk?

 Tor already detects clock changes by making a TLS connection to the
 authorities, and using the time they provide. #17188 is simply an
 additional warning that happens early during startup when we read the
 state file, rather than later when we make a connection.

 If we have to lose it, or make it less reliable, that's ok.
 (We might also want to consider removing LastWritten entirely.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17208#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list