[tor-bugs] #25737 [Applications/Tor Browser]: Tor Browser's update check bypassed Tor once on macos, because of xpcproxy?

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 10 17:11:59 UTC 2018 

#25737: Tor Browser's update check bypassed Tor once on macos, because of xpcproxy?
--------------------------------------+--------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 I talked with haik a bit also:

 {{{
 11:22:27 H<haik> In some cases I see it being called with "xpcproxy
 org.mozilla.firefox.14156"
 11:22:53 H<haik> That 14156 is not a PID.
 11:24:11 H<haik> Maybe turning on launchd logging can shed some light on
 what we're doing to trigger it. It's always started by launchd.
 11:25:28 T<tjr> Hm. xpcproxy org.mozilla.firefox.14156    that first bit
 seems like a signing certificate or package identifier; but sure about the
 14156 though. Maybe a port?
 11:26:09 H<haik> Yeah maybe a port.
 11:28:56 H<haik> So instructing the user to run "ps -ef|grep xpcproxy"
 might give us the arguments to xpcproxy at the time. Since it's basically
 a launcher, we want to know what it's launching that is doing the https
 requests.
 11:29:33 H<haik> Or any way they can get the full command with arguments.
 11:36:11 H<haik> OK, I think I have the logging setup locally so I should
 see what the arguments are if it happens.
 12:05:27 H<haik> If you start the browser through Spotlight, it is started
 by xpcproxy
 12:08:00 H<haik> And if you start it through Finder
 12:10:28 H<haik> Hold on, not sure, "xpcproxy /Applications/.../firefox"
 is run, but not sure if that starts it
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25737#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list