Opened 4 years ago

Last modified 13 months ago

#8695 new defect

GVFS metadata file contains TBB filename (Debian Linux)

Reported by: runa Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-disk-leak, needs-triage
Cc: runa, g.koppen@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A forensic analysis of the Tor Browser Bundle on Debian Linux showed that the file ~/.local/share/gvfs-metadata/home contains the filename of the Tor Browser Bundle tarball: tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz.

The same file on my personal Debian system does not contain the tarball filename, but does contain names of files I have accessed recently or in the past.

The reports I have read suggest you can delete the contents with no ill effect. Maybe this is something we should consider?

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by gk

  • Cc g.koppen@… added

comment:2 Changed 4 years ago by runa

  • Keywords tbb-disk-leak added

comment:3 Changed 3 years ago by erinn

  • Keywords needs-triage added

comment:4 Changed 3 years ago by erinn

  • Component changed from Tor bundles/installation to Tor Browser
  • Owner changed from erinn to tbb-team

comment:5 Changed 19 months ago by cypherpunks

  • Priority changed from Medium to High
  • Severity set to Normal

This is an obvious leak which has had no progress been made for 3 years+.

comment:6 Changed 13 months ago by cypherpunks

This comes from the "recently used files" list. Nautilus uses it. Similar things can happen in Microsoft Windows or Apple OS/X.

Note: See TracTickets for help on using tickets.