[tbb-bugs] #17208 [Tor Browser]: New reported disk leaks in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 2 15:32:08 UTC 2015
#17208: New reported disk leaks in Tor Browser
---------------------------------+---------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-disk-leak
Actual Points: | Parent ID:
Points: | Sponsor:
---------------------------------+---------------------------
Comment (by teor):
Replying to [comment:2 arthuredelstein]:
> Replying to [comment:1 teor]:
> > Also see #17188, if we do randomise this, we should randomly
*subtract* some time from the times written in the file.
>
> Unfortunately, in the case given in the presentation above, we would
perhaps need to subtract hours or days to sufficiently protect the user.
How much time could be subtracted before we lose the benefits of
LastWritten?
>
> Is there any alternative way for tor to detect clock changes without
storing the last usage on disk?
Tor already detects clock changes by making a TLS connection to the
authorities, and using the time they provide. #17188 is simply an
additional warning that happens early during startup when we read the
state file, rather than later when we make a connection.
If we have to lose it, or make it less reliable, that's ok.
(We might also want to consider removing LastWritten entirely.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17208#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list