[tbb-bugs] #24755 [Applications/Tor Browser]: Shell scripts refactoring and bash privacy leak. Heredoc should not be used in start-tor-browser script.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 3 05:43:53 UTC 2018
#24755: Shell scripts refactoring and bash privacy leak. Heredoc should not be used
in start-tor-browser script.
--------------------------------------+--------------------------
Reporter: asan | Owner: tbb-team
Type: defect | Status: assigned
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Minor | Resolution:
Keywords: tbb-disk-leak | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by asan):
> It seems that setting `TMPDIR` to a `tmp` directory inside the Tor
Browser directory at the beginning of `start-tor-browser` would solve the
issue with `<<`
Your solution looks working. However, if you want to set temporary
directories for the script correctly, it would be logical to set them in a
way which resolves
[[https://trac.torproject.org/projects/tor/ticket/7449|#7449]] too.
> There are also other things in this script, which are often considered
to be a bad practice. In particular
I would add also another point: `echo`
[[https://unix.stackexchange.com/questions/65803/why-is-printf-better-
than-echo|must]] be replaced by `printf` everywhere.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24755#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list