[tor-bugs] #7449 [Firefox Patch Issues]: TorBrowser creates temp files in Linux /tmp during the file downloads dialog

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Nov 11 22:46:32 UTC 2012


#7449: TorBrowser creates temp files in Linux /tmp during the file downloads
dialog
----------------------------------+-----------------------------------------
 Reporter:  unknown               |          Owner:  mikeperry
     Type:  defect                |         Status:  new      
 Priority:  normal                |      Milestone:           
Component:  Firefox Patch Issues  |        Version:           
 Keywords:                        |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------
 1. Open a webpage with downloadable links (http://arxiv.org/abs/1207.5216
 for example).
   2. Select file to download (pdf for example:
 http://arxiv.org/pdf/1207.5216v2).
   3. See the dialog: {{{External application is needed to handle}}} with
 two buttons: {{{launch}}} and {{{cancel}}}.
   4. Only launch is available to start download. Select it.
   5. Second dialog asks to open with {{{/usr/bin/xpdf (default)}}} or
 {{{Save}}}.
   6. Don't press {{{Save}}} immediately. See in a terminal random name of
 file, sometimes with a part of contents:
 {{{
  ls -la /tmp
  $ file /tmp/oeXvw4D+.pdf.part
  /tmp/oeXvw4D+.pdf.part: PDF document, version 1.5
  }}}
   Tbb ignored {{{tor-browser_en-US/tmp}}} and use system /tmp
   7. After pressing {{{Save}}} file removed from /tmp.

 This behaviour potentially affects users local anonimity with unencrypted
 and non-attached to memory system /tmp dirs; and affects users with
 portable TorBrowser versions. Partially downloaded files will saved in
 /tmp in the cases of TBB crushes or not completely erased. Will be
 preferably to isolate TorBrowser activity in user local catalogs only.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7449>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list