Tor Browser can use a Tor that's running under another user
I've discovered an issue where Tor Browser fails to launch tor, but still connects to websites via whatever SOCKS proxy is running on port 9150.
I believe this issue only happens in Tor Browser 7.0 and later, because of the multiprocess feature. I believe it only happens on macOS, due to the way Tor Browser is launched to open links. But I haven't tested any other versions or platforms.
I'm using Tor Browser 7.0.5 on macOS 10.12.6
Here are the steps to reproduce:
- Open a copy of Tor Browser in one user account
- Switch to a second user account
- Set Tor Browser as the default browser
- Make sure Tor Browser is quit
- Open a link by right-clicking on the link text and selecting "open URL" (or by double-clicking a webloc file in Finder, or clicking a link in any rendered HTML, such as a Mail message)
Tor Browser fails to launch tor, but opens the link in a browser window behind Tor launcher, and loads the link content via whatever SOCKS proxy is running on port 9150. (In this case, another tor instance run by another user.)
This could also happen using another instance of Tor Browser run by the same user, but it's harder to reproduce, because links typically open in the instance of the default browser that's already open.
I don't know if update checks or downloads occur over an untrusted SOCKSPort, but I haven't seen any update notifications appear in my testing.