[tor-bugs] #18101 [Applications/Tor Browser]: IP leak from Windows/macOS UI dialog with URI
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 27 21:18:17 UTC 2019
#18101: IP leak from Windows/macOS UI dialog with URI
-------------------------------------------------+-------------------------
Reporter: uileak | Owner:
| arthuredelstein
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: tbb-disk-leak, tbb-proxy-bypass, | Actual Points:
TorBrowserTeam201906R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mcs):
Replying to [comment:84 gk]:
> Okay, let's get this on our radar again to squash this bug finally.
`bug_18101` (https://gitweb.torproject.org/user/gk/tor-
browser.git/commit/?h=bug_18101) in my `tor-browser` repo has the patch
ideas Arthur and a cypherpunk/ericlaw came up with for (re)-review.
>
> mcs/brade: could you take the macOS part?
It is unclear how to produce an IP address leak on macOS 10.9 or newer. As
teor mentioned in comment:9, Apple seems to have removed features years
ago that allowed URLs to be entered in the file open and file save panels.
At least, Kathy and I do not know how to do so.
Looking at the patch, it is also unclear what effect the `[NSOpenPanel
setCanDownloadUbiquitousContents:NO]` call has (the documentation does
makes it sound like setting it to `NO` is a good idea).
In any case, that API requires macOS 10.10 or newer (as documented here
https://developer.apple.com/documentation/appkit/nsopenpanel/1533418-candownloadubiquitouscontents?language=objc).
To make sure, we tested a patched Tor Browser on a macOS 10.9.5 system,
and indeed an exception was thrown which prevents the file open dialog
from opening:
... firefox[...] -[NSOpenPanel setCanDownloadUbiquitousContents:]:
unrecognized selector sent to instance 0x10bbc5270
... firefox[...] Mozilla has caught an Obj-C exception
[NSInvalidArgumentException: -[NSOpenPanel
setCanDownloadUbiquitousContents:]: unrecognized selector sent to instance
0x10bbc5270]
We would need to add a runtime check to make sure that API is available.
If we do use `setCanDownloadUbiquitousContents`, we may also want to add a
similar call inside `nsFilePicker::GetLocalFolder()` (also in
`widget/cocoa/nsFilePicker.mm`).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18101#comment:88>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list