Opened 5 years ago

Last modified 15 months ago

#7449 needs_revision defect

TorBrowser creates temp files in Linux /tmp & Windows %temp% and OSX(various places) during the file downloads dialog & when using internal browser video player

Reported by: unknown Owned by: mikeperry
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-disk-leak, tbb-firefox-patch
Cc: gk, brade, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

  1. Open a webpage with downloadable links (http://arxiv.org/abs/1207.5216 for example).
  2. Select file to download (pdf for example: http://arxiv.org/pdf/1207.5216v2).
  3. See the dialog: External application is needed to handle with two buttons: launch and cancel.
  4. Only launch is available to start download. Select it.
  5. Second dialog asks to open with /usr/bin/xpdf (default) or Save.
  6. Don't press Save immediately. See in a terminal random name of file, sometimes with a part of contents:
     ls -la /tmp
     $ file /tmp/oeXvw4D+.pdf.part 
     /tmp/oeXvw4D+.pdf.part: PDF document, version 1.5
    
    Tbb ignored tor-browser_en-US/tmp and use system /tmp
  7. After pressing Save file removed from /tmp.

This behaviour potentially affects users local anonimity with unencrypted and non-attached to memory system /tmp dirs; and affects users with portable TorBrowser versions. Partially downloaded files will saved in /tmp in the cases of TBB crushes or not completely erased. Will be preferably to isolate TorBrowser activity in user local catalogs only.

Child Tickets

TicketSummaryOwner
#11254Tor Browser bundle v3.5 fails to clean up cancelled downloads in Temp foldertbb-team

Attachments (1)

tor.png (88.4 KB) - added by tortestuser 3 years ago.
Image of tor creating files in global temp directory

Download all attachments as: .zip

Change History (17)

comment:1 Changed 5 years ago by mikeperry

  • Keywords tbb-disk-leak added

comment:2 Changed 5 years ago by gk

  • Cc g.koppen@… added

comment:3 Changed 5 years ago by unknown

A simple patch to the start script seems to be adequate solution:

--- start-tor-browser   2012-11-21 07:41:14.000000000 +0000
+++ start-tor-browser.test      2012-11-22 13:33:59.699580680 +0000
@@ -205,6 +205,9 @@
 export LDPATH
 export LD_LIBRARY_PATH
 
+TEMP="${HOME}/tmp/"
+export TEMP
+
 if [ "$debug" -eq 1 ]; then
        printf "\nStarting Vidalia now\n"
        cd "${HOME}"

comment:4 Changed 5 years ago by cypherpunks

Unadequate kludges.

3.3. Disk Avoidance
Design Goal:

    Tor Browser MUST (at user option) prevent all disk records of browser activity.

comment:5 Changed 5 years ago by mikeperry

  • Status changed from new to needs_revision

Actually, I think the two or three dialogs that we and Firefox throw up in the face of the user before saving a downloaded file satisfy the "at user option" bit of that goal. Changing the TEMP env var seems like a good plan to me.

But, how about a patch that works on all three platforms, though? Does that mean we should patch Vidalia, or can we set the equivalent env vars in the start exe/start app for Win+MacOS?

Changed 3 years ago by tortestuser

Image of tor creating files in global temp directory

comment:6 Changed 3 years ago by tortestuser

According to Design Document of the TorBrowser.
"The browser MUST NOT write any information that is derived from or that reveals browsing activity to the disk, or store it in memory beyond the duration of one browsing session, unless the user has explicitly opted to store their browsing history information to disk."
---

I can confirm this bug and the above principle are violated in windows 7 64bit by following steps 1-4, with the firefox 24 & tor browser bundle 3.5.1 and it has a related solution. Ensure the enviroment has the TEMP/TMP enviromental variable are set properly for each os to point to a relative directory and that the application honors that setting, and failing that, do not use api calls that create temp files that do not adhere to those enviromental variables. For my computer TEMP=C:\Users\tortestuser\AppData\Local\Temp according to Process Hacker, and that is where the files are created.

I have attached a picture (tor.png) with visual proof of the problem.

---

Edit: I also tested a batch file with the lines:

SET TEMP=T:\TEMP
"Start Tor Browser.exe"

And it succefully changed the enviroment variables used by tor.exe and firefox, but they were completely ignored and files continued to be saved to the %appdata%\temp folder, and mp4 videos to %AppData%\Temp\mozilla-temp-files\

So a fix needs to ensure both files downloaded and vidoes played in the browser are saved to the proper area.

Last edited 3 years ago by tortestuser (previous) (diff)

comment:7 Changed 3 years ago by tortestuser

  • Summary changed from TorBrowser creates temp files in Linux /tmp during the file downloads dialog to TorBrowser creates temp files in Linux /tmp & Windows %temp% during the file downloads dialog

comment:8 Changed 3 years ago by tortestuser

  • Summary changed from TorBrowser creates temp files in Linux /tmp & Windows %temp% during the file downloads dialog to TorBrowser creates temp files in Linux /tmp & Windows %temp% during the file downloads dialog & when using internal browser video player

comment:9 Changed 3 years ago by cypherpunks

OSX

file downloads dialog ~/Downloads
video player ~/Library/Caches/TemporaryItems

comment:10 Changed 3 years ago by tortestuser

  • Priority changed from normal to major
  • Summary changed from TorBrowser creates temp files in Linux /tmp & Windows %temp% during the file downloads dialog & when using internal browser video player to TorBrowser creates temp files in Linux /tmp & Windows %temp% and OSX(various places) during the file downloads dialog & when using internal browser video player

comment:11 Changed 17 months ago by bugzilla

  • Component changed from Firefox Patch Issues to Tor Browser
  • Keywords tbb-firefox-patch added
  • Severity set to Normal

Actual for 6.0a1

comment:12 Changed 17 months ago by gk

  • Cc gk added; g.koppen@… removed

comment:13 Changed 17 months ago by gk

Setting media.cache-size is set to 0 does not help.

comment:14 Changed 15 months ago by cypherpunks

Bug 69938

Downloads are stored in $TMPDIR|$TMP|$TEMP|/tmp first and then moved to
Reported: 2001-02-23 00:26 PST

comment:15 Changed 15 months ago by mcs

  • Cc brade mcs added

comment:16 Changed 15 months ago by gk

#18588 is a duplicate.

Note: See TracTickets for help on using tickets.