[tor-bugs] #4517 [Tor Browser]: drag-n-drop bypasses tor

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Nov 19 21:38:49 UTC 2011 

#4517: drag-n-drop bypasses tor
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:  mikeperry        
     Type:  defect       |         Status:  needs_information
 Priority:  blocker      |      Milestone:                   
Component:  Tor Browser  |        Version:                   
 Keywords:               |         Parent:                   
   Points:               |   Actualpoints:                   
-------------------------+--------------------------------------------------

Comment(by aagbsn):

 Replying to [comment:3 aagbsn]:
 > I can partially confirm this behavior
 >
 > Replying to [comment:2 cypherpunks]:
 > > Replying to [comment:1 rransom]:
 > > > I can't reproduce this with TBB for Linux.  I tried dragging the
 image over TBB-Firefox, Nautilus, and Emacs (GNU Emacs with the Lucid
 interface), and dropping the image on TBB-Firefox, and didn't see any DNS
 or HTTP traffic.
 > > >
 > > > Which OS are you using?  Did you drag the image over a program other
 than TBB-Firefox?
 > >
 > > OS: Ubuntu 11.10, with all updates installed.
 > Ubuntu 11.10 64-bit. Not all updates are installed.
 I updated and tried again.
 >
 > > Tor Browser Bundle was installed by unpacking to a new clean folder.
 And I have verified the signature.
 > > 32-bit version of everything.
 >
 > 64-bit version here.
 > >
 > > And no, merely beginning to drag the image makes it send the DNS and
 HTTP request, before I get to drag it anywhere or drop it.
 >
 > I have to drag the pic to the desktop before the DNS and HTTP request
 occur. I noticed that dragging the pic to a text console copies the image
 URL.

 I tried dragging and hovering the image over a few different applications
 (terminals, wireshark, firefox, file browser, and the desktop) and was not
 able to recreate this issue by just hovering.

 I tested with images-as-links as well as plain images (e.g. right-click
 and select 'view image', then try to drag that somewhere)

 Can you confirm that these steps should reproduce the issue?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4517#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list