Opened 7 years ago

Last modified 20 months ago

#6821 new defect

TBB startup script should clear env vars which TorBrowserButton would read

Reported by: rransom Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: needs-triage
Cc: proper, adrelanos@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The TBB startup script should explicitly unset all environment variables whose values TorBrowserButton reads.

Child Tickets

Change History (7)

comment:1 Changed 7 years ago by mikeperry

I dunno. I designed TOR_TRANSPROXY in #6254 so that a command line user could easily override the use of Vidalia+Tor...

I actually think our startup script should be more friendly for people who want to create wrappers for alternate launch modes for things like Tails or for use with a system tor instance.

comment:2 in reply to:  1 ; Changed 7 years ago by rransom

Replying to mikeperry:

I dunno. I designed TOR_TRANSPROXY in #6254 so that a command line user could easily override the use of Vidalia+Tor...

I think that most users do not understand environment variables (based on the fact that some developers of Tor products have not understood them in the recent past). I think that users who do understand environment variables can edit the script (or write a replacement from scratch) themselves, and users who do not understand them should use canned scripts prepared (or at least reviewed) by people who do understand them.

I actually think our startup script should be more friendly for people who want to create wrappers for alternate launch modes for things like Tails or for use with a system tor instance.

If a user unintentionally runs TBB with the TOR_TRANSPROXY environment variable set, they have lost their anonymity completely. If Tails or some other product which configures TorBrowser to use a system Tor cannot pass the TOR_TRANSPROXY environment variable through the start-tor-browser script, they will have to ship their own script -- which they would have to do anyway in order to launch the browser without an extraneous instance of Vidalia.

comment:3 Changed 7 years ago by mikeperry

Cc: proper adrelanos@… added

I could believe your arguments, except I know I personally hate to have to keep editing the startup script, especially since it just gets overwritten every two weeks with TBB updates... But I also don't feel too strongly, so long as proper or someone maintains a collection of these things to be used outside of TBB to launch it.

I don't think the anonymity argument is as serious as you make it though. The env var only alters the actual current proxy settings if we're known to be in a TBB profile.. I'm assuming such a profile will load check in the clear, and immediately tell you it failed to use Tor. It sort of sucks to hit check directly, but that's also a different issue (#6546).

comment:4 in reply to:  2 Changed 7 years ago by proper

Replying to rransom:

If a user unintentionally runs TBB with the TOR_TRANSPROXY environment variable set, they have lost their anonymity completely.

How could that happen?

If Tails or some other product which configures TorBrowser to use a system Tor cannot pass the TOR_TRANSPROXY environment variable through the start-tor-browser script, they will have to ship their own script -- which they would have to do anyway in order to launch the browser without an extraneous instance of Vidalia.

Not necessarily. See #5611 variable TB_STANDALONE.

comment:5 Changed 5 years ago by erinn

Keywords: needs-triage added

comment:6 Changed 5 years ago by erinn

Component: Tor bundles/installationTor Browser
Owner: changed from erinn to tbb-team

comment:7 Changed 20 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.