[tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 31 00:25:49 UTC 2015
#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
-------------------------------+------------------------------
Reporter: DrMikeTwiddle | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version: Tor: unspecified
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------------+------------------------------
Comment (by teor):
Some further information on OS X, mDNSResponder, and discoveryd:
discoveryd was a buggy replacement for mDNSResponder included in OS X
Yosemite 10.10.0 - 10.10.3 inclusive. It was removed in 10.10.4.
http://www.macrumors.com/2015/06/30/apple-releases-os-x-10-10-4/
Some further information on LittleSnitch:
It seems unlikely that LittleSnitch is parsing hostnames from the middle
of a SOCKS5 packet and looking them up. However, its domain-name based
filter feature requires it to watch DNS requests and keep a record of name
to IP mappings (reverse DNS doesn't work, so it doesn't use it).
"It therefore watches all DNS requests and responses on UDP and
TCP
ports 53 and 5353, and remembers the names which led to a particular IP
address"
https://www.obdev.at/ftp/pub/Products/LittleSnitch/LittleSnitch-
Documentation-1.1.pdf
LittleSnitch needs to look at source and destination IPs in the IP headers
of all packets sent and received by OS X. But for Tor Browser <-> Tor,
this would be localhost <-> localhost.
It's unclear whether it parses packets from protocols FTP or SOCKS.
https://www.obdev.at/products/littlesnitch/index.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list