Opened 5 years ago

Last modified 2 months ago

#8706 new defect

.recently-used.xbel contains filenames if browser stored them to disk

Reported by: runa
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: backport-to-mozilla, tbb-disk-leak, tbb-firefox-patch
Cc: runa, starlight.2015q1@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

A forensic analysis of the Tor Browser Bundle on Debian Linux (#8166) showed that the file ~/.recently-used.xbel contains the filename of the Tor Browser Bundle tarball: tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz, as well as the time and date it was added, modified, and visited.
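An added example (not part of the original ticket and not Tor Browser code) of auditing a recently-used.xbel file for the kind of entry described above: it lists each recorded path with its added, modified and visited timestamps and the application that registered it. The sample document, its paths, timestamps and application names are constructed, and `parse_recent` and `registered_by` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlparse

# Namespace GTK uses for the per-application records inside each bookmark.
NS = {"bookmark": "http://www.freedesktop.org/standards/desktop-bookmarks"}

# Constructed sample: timestamps, paths and application names are made up.
SAMPLE_XBEL = """<?xml version="1.0" encoding="UTF-8"?>
<xbel version="1.0"
      xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks">
  <bookmark href="file:///home/user/tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz"
            added="2013-04-01T10:00:00Z" modified="2013-04-01T10:00:05Z"
            visited="2013-04-01T10:00:05Z">
    <info><metadata owner="http://freedesktop.org">
      <bookmark:applications>
        <bookmark:application name="example-downloader" exec="'dl %u'" count="1"/>
      </bookmark:applications>
    </metadata></info>
  </bookmark>
  <bookmark href="file:///home/user/Downloads/saved%20page.html"
            added="2013-04-02T08:30:00Z" modified="2013-04-02T08:30:00Z"
            visited="2013-04-02T08:30:00Z">
    <info><metadata owner="http://freedesktop.org">
      <bookmark:applications>
        <bookmark:application name="Firefox" exec="'firefox %u'" count="1"/>
      </bookmark:applications>
    </metadata></info>
  </bookmark>
</xbel>"""

def parse_recent(xbel_text):
    """Return one dict per <bookmark>: decoded path, timestamps, registering apps."""
    entries = []
    for bm in ET.fromstring(xbel_text).iter("bookmark"):
        apps = [a.get("name", "") for a in bm.iterfind(".//bookmark:application", NS)]
        entries.append({"path": unquote(urlparse(bm.get("href", "")).path),
                        "added": bm.get("added"), "modified": bm.get("modified"),
                        "visited": bm.get("visited"), "apps": apps})
    return entries

def registered_by(entries, app_substring):
    """Entries written by an application whose name contains app_substring."""
    needle = app_substring.lower()
    return [e for e in entries if any(needle in a.lower() for a in e["apps"])]

if __name__ == "__main__":
    for e in registered_by(parse_recent(SAMPLE_XBEL), "firefox"):
        print(e["added"], e["path"], e["apps"])
```

To audit a real profile, pass in the contents of ~/.recently-used.xbel, or of the .local/share/recently-used.xbel under the HOME that Tor Browser's start script sets.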

Change History (10)

comment:1 Changed 3 years ago by cypherpunks

Component: Tor bundles/installation → Firefox Patch Issues
Keywords: backport-to-mozilla tbb-disk-leak added
Owner: changed from erinn to mikeperry
Summary: .recently-used.xbel contains TBB filename (Debian Linux) → .recently-used.xbel contains filenames if browser stored them to disk

A forensic analysis of the Tor Browser Bundle on Debian Linux (#8166) showed that the file ~/.recently-used.xbel contains the filename of the Tor Browser Bundle tarball: tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz, as well as the time and date it was added, modified, and visited.

This item was saved not by the Tor Browser process but by the download manager or whatever was used to save the bundle to disk. You can't prevent this item from appearing by Tor Browser intervention if it doesn't exist yet.

But this file contains Tor Browser's stuff too, when the user saves any files to disk, including html pages.
Look at Midori, it prevents unwanted stuff. Firefox in private mode should prevent that stuff too. If not, then Tor Browser needs to be patched separately.

comment:2 Changed 3 years ago by erinn

Keywords: tbb-firefox-patch added

comment:3 Changed 3 years ago by erinn

Component: Firefox Patch Issues → Tor Browser
Owner: changed from mikeperry to tbb-team

comment:4 Changed 3 years ago by starlight

Cc: starlight.2015q1@… added

comment:5 Changed 2 months ago by arma

Severity: Blocker

Is this a Firefox bug, because private browsing mode ought to block this file from being created?

Is it a Tor Browser bug, because we should try to step in somehow?

Or is it something else?

comment:6 Changed 2 months ago by arma

Severity: Blocker → Normal

comment:7 in reply to:  5 Changed 2 months ago by yawning

Replying to arma:

Or is it something else?

Probably this? It's not easy to disable on a per-application basis, and I'm fairly sure that attempting to do so without reaching into the guts of Gtk+ will make Tor Browser clobber the file (which is rude).

That said, in the sandbox Gtk+ is containerized and already ignores the user's theming, so I can do something like: https://gitweb.torproject.org/tor-browser/sandboxed-tor-browser.git/commit/?id=36a580f723cdd7891eec5e2b2c878ed1a323178d

comment:8 Changed 2 months ago by arma

Is it rude for Tor Browser to clobber my ~/tor-browser_en-US/Browser/.local/share/recently-used.xbel file? Why?

comment:9 in reply to:  8 Changed 2 months ago by yawning

Replying to arma:

Is it rude for Tor Browser to clobber my ~/tor-browser_en-US/Browser/.local/share/recently-used.xbel file? Why?

Oh that's right, Tor Browser's script overrides HOME. I haven't messed with non-sandboxed Tor Browser in forever, mea culpa.

Patch firefox to override the setting my commit messes with, right after the gtk_init() call then. I assume users will cry if Tor Browser ships with its own .gtkrc-2.0 because they'll lose Gtk theming....

comment:10 Changed 2 months ago by yawning

Patch firefox to override the setting my commit messes with, right after the gtk_init() call then.

   /* Disable the .recently-used.xbel file. */
   gtk_settings_set_long_property(gtk_settings_get_default(), "gtk-recent-files-max-age", 0, "TorBrowser");

In the right place should work. Finding the right place is left as an exercise for the student.

Edit: If/when the browser ever is linked against Gtk+3.x or newer this will need to change.

Last edited 2 months ago by yawning