[tbb-bugs] #24755 [Applications/Tor Browser]: Shell scripts refactoring and bash privacy leak. Heredoc should not be used in start-tor-browser script.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 29 09:44:26 UTC 2018
#24755: Shell scripts refactoring and bash privacy leak. Heredoc should not be used
in start-tor-browser script.
--------------------------------------+--------------------------
Reporter: asan | Owner: tbb-team
Type: defect | Status: assigned
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Minor | Resolution:
Keywords: tbb-disk-leak | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by boklm):
It seems that setting `TMPDIR` to a `tmp` directory inside the Tor Browser
directory at the beginning of `start-tor-browser` would solve the issue
with `<<`.
If I run the following script:
{{{
#!/bin/bash
export TMPDIR='/tmp/test-heredoc'
mkdir -p $TMPDIR
sleep 3 <<<"here string" & lsof -p $! | grep 0r
}}}
I get the following output:
{{{
sleep 3719 user 0r REG 0,36 12 27468 /tmp/test-heredoc/sh-
thd-811442066 (deleted)
}}}
It might also be useful to set `TMPDIR` in case some part of firefox is
using it to select the tmp directory.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24755#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list