[tbb-bugs] #18588 [Tor Browser]: Downloader writes file to $TMPDIR without consent

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 20 15:50:13 UTC 2016

#18588: Downloader writes file to $TMPDIR without consent
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
 I'm using hardened Tor Browser a6. I expected it would not store metadata
 of my browser usage without consent. Under the general prefs I've said
 "always ask me where to save files". But I ran strace and saw it was
 saving to $TMPDIR while the directory selector popup was visible.

 OK, I said "automatically download files from now on" on an earlier dialog
 but to me that implied "according to my settings", and if I say "ask me" I
 expect it to not write anywhere other than selected. My default "download"
 directory is symlinked to an encrypted filesystem, but that's not even
 where it went by default! (And note that because I've clicked
 "automatically" and told Firefox to always download rather than open, a
 site can cause this to happen automatically by sending me certain

 I guess I was clever because I'd pointed $TMPDIR to a tmpfs in
 anticipation of stuff like this (from *other* programs, ones that aren't
 security-focused), and of course my swap is encrypted with a random key.
 But Debian doesn't have it as a default configuration (yet?).

 Please don't write anything to disk until a directory is selected. Until
 that's done, setting $TMPDIR to $XDG_RUNTIME_DIR/tbb/ in the startup
 script would reduce the risks (space usage could be a problem, and
 $XDG_RUNTIME_DIR might be unset if the user's not using systemd).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18588>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
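The interim mitigation proposed at the end of the ticket, as an added example that is not part of the ticket or of Tor Browser's own launcher: a POSIX sh wrapper that gives the browser a private, RAM-backed $TMPDIR, preferring $XDG_RUNTIME_DIR/tbb and falling back to /dev/shm when $XDG_RUNTIME_DIR is unset (the non-systemd caveat). The function names, the /dev/shm fallback, the tmpfs check via GNU stat and the launcher path in the comment are assumptions of this example.

```shell
#!/bin/sh
# Hypothetical launcher wrapper (not Tor Browser's own start script).
# Gives the browser a private, RAM-backed $TMPDIR so that anything it writes
# before the "save as" dialog is answered never lands on the regular disk.
# tmpfs pages can still be swapped out, so encrypted swap remains relevant.

# Print the filesystem type of a path ("tmpfs", "ext2/ext3", ...). Needs GNU stat.
fs_type() {
    stat -f -c %T "$1" 2>/dev/null
}

# Print a private directory and return 0, trying in order:
#   1. $XDG_RUNTIME_DIR/tbb   (set by systemd-logind; tmpfs on such systems)
#   2. /dev/shm/tbb-<uid>     (tmpfs on most Linux systems, no systemd needed)
# If no parent is a writable RAM-backed filesystem, print the supplied default
# and return 1 so the caller can warn that downloads may touch disk.
pick_tmpdir() {
    default=${1:-/tmp}
    uid=$(id -u)
    for cand in "${XDG_RUNTIME_DIR:+$XDG_RUNTIME_DIR/tbb}" "/dev/shm/tbb-$uid"; do
        [ -n "$cand" ] || continue
        parent=$(dirname "$cand")
        [ -d "$parent" ] && [ -w "$parent" ] || continue
        case "$(fs_type "$parent")" in
            tmpfs|ramfs) ;;        # RAM-backed: acceptable
            *) continue ;;         # on disk: keep looking
        esac
        # Create it user-private; reject a pre-existing directory owned by someone else.
        mkdir -p -m 0700 "$cand" 2>/dev/null || continue
        [ "$(stat -c %u "$cand")" = "$uid" ] || continue
        chmod 0700 "$cand" || continue
        printf '%s\n' "$cand"
        return 0
    done
    printf '%s\n' "$default"
    return 1
}

# Export the chosen TMPDIR and hand over to the real launcher, e.g.
#   launch_with_private_tmpdir ./Browser/start-tor-browser
launch_with_private_tmpdir() {
    TMPDIR=$(pick_tmpdir "${TMPDIR:-/tmp}") ||
        printf 'warning: no RAM-backed TMPDIR found, falling back to %s\n' "$TMPDIR" >&2
    export TMPDIR
    exec "$@"
}
```

Space usage is the trade-off the ticket mentions: a large download now consumes RAM (or swap) instead of disk until it is moved to the chosen location.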
