[tor-bugs] #23963 [Applications/Tor Browser]: Tor Browser can use a Tor that's running under another user

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 24 01:23:53 UTC 2017


#23963: Tor Browser can use a Tor that's running under another user
------------------------------------------+----------------------
     Reporter:  teor                      |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 I've discovered an issue where Tor Browser fails to launch tor, but
 still connects to websites via whatever SOCKS proxy is running on port
 9150.

 I believe this issue only happens in Tor Browser 7.0 and later, because
 of the multiprocess feature. I believe it only happens on macOS, due to
 the way Tor Browser is launched to open links. But I haven't tested any
 other versions or platforms.

 I'm using Tor Browser 7.0.5 on macOS 10.12.6

 Here are the steps to reproduce:
 1. Open a copy of Tor Browser in one user account
 2. Switch to a second user account
 3. Set Tor Browser as the default browser
 4. Make sure Tor Browser is quit
 5. Open a link by right-clicking on the link text and selecting "open URL"
 (or by double-clicking a webloc file in Finder, or clicking a link in any
 rendered HTML, such as a Mail message)

 Tor Browser fails to launch tor, but opens the link in a browser window
 behind Tor launcher, and loads the link content via whatever SOCKS
 proxy is running on port 9150. (In this case, another tor instance run
 by another user.)

 This could also happen using another instance of Tor Browser run by the
 same user, but it's harder to reproduce, because links typically open
 in the instance of the default browser that's already open.

 I don't know if update checks or downloads occur over an untrusted
 SOCKSPort, but I haven't seen any update notifications appear in my
 testing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23963>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
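
The condition in the report above can be checked locally by asking which user owns the listener on port 9150. This is an added example, not part of the original message and not Tor Browser code. The function names, the lsof field parsing and the result labels are this example's own assumptions.

```python
import os
import socket
import subprocess

SOCKS_PORT = 9150  # the port named in the report


def port_accepts_connections(port, host="127.0.0.1", timeout=1.0):
    """True if something is listening on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def parse_lsof_fields(text):
    """Parse `lsof -F pucn` field output into one dict per process."""
    procs, cur = [], None
    for line in text.splitlines():
        tag, value = line[:1], line[1:]
        if tag == "p":  # a new process set starts with its PID
            cur = {"pid": int(value), "uid": None, "command": "", "names": []}
            procs.append(cur)
        elif cur is not None and tag == "u":
            cur["uid"] = int(value)
        elif cur is not None and tag == "c":
            cur["command"] = value
        elif cur is not None and tag == "n":
            cur["names"].append(value)
    return procs


def classify(port_open, lsof_text, my_uid):
    """Return 'closed', 'own', 'foreign' or 'unknown-owner'."""
    if not port_open:
        return "closed"
    owners = {p["uid"] for p in parse_lsof_fields(lsof_text)}
    if not owners:
        # An unprivileged lsof may not see other users' processes, so an
        # open port with no visible owner is not treated as ours.
        return "unknown-owner"
    return "own" if owners == {my_uid} else "foreign"


if __name__ == "__main__":
    cmd = ["lsof", "-nP", f"-iTCP:{SOCKS_PORT}", "-sTCP:LISTEN", "-F", "pucn"]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    print(classify(port_accepts_connections(SOCKS_PORT), out, os.getuid()))
```

Any result other than `own` or `closed` means the SOCKS port is answered by a process the current user did not start.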

