Opened 4 years ago

Last modified 3 years ago

#8984 new defect

OSX FSEvents API files contain traces of the Tor Browser Bundle

Reported by: runa Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-disk-leak, needs-triage
Cc: runa Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on OS X 10.8 showed that FSEvents API files contain traces of the Tor Browser Bundle.

The FSEvents API allows applications to register for notifications of changes to a given directory tree. Whenever the filesystem is changed, the kernel passes notifications to a process called fseventsd. The following file contains the path to the attached external drive, the path to the Tor Browser Bundle on the Desktop, and the path to the Tor Browser Bundle in the Trash:

  • /.fseventsd/0000000000172019

Other files in the .fseventsd directory may also contain traces of the Tor Browser Bundle and/or the attached external drive.

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by erinn

  • Keywords needs-triage added

comment:2 Changed 3 years ago by erinn

  • Component changed from Tor bundles/installation to Tor Browser
  • Owner changed from erinn to tbb-team
Note: See TracTickets for help on using tickets.