[tor-bugs] #19206 [Applications/Tor Browser]: SOCKS isolation should include a process identifier.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 31 15:10:05 UTC 2016


#19206: SOCKS isolation should include a process identifier.
--------------------------------------+--------------------------
 Reporter:  yawning                   |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by yawning):

 Replying to [comment:2 arthuredelstein]:
 > Another possible option would be to use a random string per first-party
 domain (such as a random UUID for the password). That would mean we don't
 have to obtain the PID.

 This would work as well, obtaining enough randomness to ensure collisions
 are unlikely is dirt cheap, and I assume changing the new circuit for site
 behavior to simply re-randomize is easy enough.

 Is there any advantage to this behavior being configurable (beyond
 https://xkcd.com/1172/)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19206#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list