[tor-bugs] #4517 [Tor Browser]: drag-n-drop bypasses tor

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Nov 19 22:18:57 UTC 2011


#4517: drag-n-drop bypasses tor
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:  mikeperry        
     Type:  defect       |         Status:  needs_information
 Priority:  blocker      |      Milestone:                   
Component:  Tor Browser  |        Version:                   
 Keywords:               |         Parent:                   
   Points:               |   Actualpoints:                   
-------------------------+--------------------------------------------------

Comment(by cypherpunks):

 Replying to [comment:4 aagbsn]:
 > Replying to [comment:3 aagbsn]:
 > > I can partially confirm this behavior
 > >
 > > Replying to [comment:2 cypherpunks]:
 > > > Replying to [comment:1 rransom]:
 > > > > I can't reproduce this with TBB for Linux.  I tried dragging the
 image over TBB-Firefox, Nautilus, and Emacs (GNU Emacs with the Lucid
 interface), and dropping the image on TBB-Firefox, and didn't see any DNS
 or HTTP traffic.
 > > > >
 > > > > Which OS are you using?  Did you drag the image over a program
 other than TBB-Firefox?
 > > >
 > > > OS: Ubuntu 11.10, with all updates installed.
 > > Ubuntu 11.10 64-bit. Not all updates are installed.
 > I updated and tried again.
 > >
 > > > Tor Browser Bundle was installed by unpacking to a new clean folder.
 And I have verified the signature.
 > > > 32-bit version of everything.
 > >
 > > 64-bit version here.
 > > >
 > > > And no, merely beginning to drag the image makes it send the DNS and
 HTTP request, before I get to drag it anywhere or drop it.
 > >
 > > I have to drag the pic to the desktop before the DNS and HTTP request
 occur. I noticed that dragging the pic to a text console copies the image
 URL.
 >
 > I tried dragging and hovering the image over a few different
 applications (terminals, wireshark, firefox, file browser, and the
 desktop) and was not able to recreate this issue by just hovering.
 >
 > I tested with images-as-links as well as plain images (e.g. right-click
 and select 'view image', then try to drag that somewhere)
 >
 > Can you confirm that these steps should reproduce the issue?

 I tried switching to "Ubuntu 2D" during the log in and repeated the steps,
 but this time no DNS or HTTP request was made. I switched back to the
 normal Ubuntu desktop (unity) and now both DNS and HTTP request was made
 as soon as I begun dragging the image.

 Apparently it depends on which window manager or other applications that
 are running.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4517#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list