[tor-bugs] #32857 [Applications]: File parts are being automatically downloaded to /tmp
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 30 01:55:24 UTC 2019
#32857: File parts are being automatically downloaded to /tmp
------------------------------+------------------------------
Reporter: g4vin0leary | Owner: (none)
Type: defect | Status: new
Priority: High | Component: Applications
Version: Tor: unspecified | Severity: Normal
Keywords: torbrowser /temp | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+------------------------------
In the tor browser (version 9.0.2), on linux (Mint 19.3), upon clicking on
a download link, the browser immediately starts saving a file in the /tmp
folder (or whatever folder currently set in the TMPDIR env variable).
For example, if you go to the Tails download page:
https://tails.boum.org/install/vm-download/index.en.html
And click on the link to download the iso directly, you will
instantaneously see a new file in the /tmp folder.
Example of downloaded file:
/tmp/mozilla_user123/1Dxw3tAv.iso.part
I don't know about you, but to me that is extremely concerning for people
using the tor browser on a regular operating system.
Someone aware of the fact and fairly technical can take preventive
measures (such as setting the TMPDIR env variable or mounting /tmp as
tmpfs), but the casual user is truly screwed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32857>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list