[tor-bugs] #2918 [Tor bundles/installation]: Audit pidgin for leaks and other privacy issues
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Apr 15 09:05:35 UTC 2011
#2918: Audit pidgin for leaks and other privacy issues
--------------------------------------+-------------------------------------
Reporter: ioerror | Owner: ioerror
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by ioerror):
Replying to [comment:13 mikeperry]:
> I think protocols have enough behavioural reaction nonsense in them that
we actually need to check the source for proxy bypass leaks rather than
just blackbox + wireshark (ie direct connect, send file, voice/video,
etc).
I agree - I've been reading the source and my Jabber patch for #1676 is
the result.
>Is grepping the plugin source for network socket syscalls a feasible
idea? Does Pidgin export non-proxied versions of any of its network
functions? It's been years since I looked at the source.
Yeah, you can go that route. I prefer to 0) think about the protocol in
question: AIM vs XMPP? Very different DNS requirements 1) use the protocol
with a debug window open, 2) use wireshark 3) narrow down the code path
for leaks or 4) just read the entire protocol source plugin and perform
1-3 to confirm the patches or fixes work properly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2918#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list