Skip to content

TorBrowser creates temp files in Linux /tmp & Windows %temp% and OSX(various places) during the file downloads dialog & when using internal browser video player

  1. Open a webpage with downloadable links (http://arxiv.org/abs/1207.5216 for example).
  2. Select file to download (pdf for example: http://arxiv.org/pdf/1207.5216v2).
  3. See the dialog: External application is needed to handle with two buttons: launch and cancel.
  4. Only launch is available to start download. Select it.
  5. Second dialog asks to open with /usr/bin/xpdf (default) or Save.
  6. Don't press Save immediately. See in a terminal random name of file, sometimes with a part of contents: {{{ ls -la /tmp $ file /tmp/oeXvw4D+.pdf.part /tmp/oeXvw4D+.pdf.part: PDF document, version 1.5 }}} Tbb ignored tor-browser_en-US/tmp and use system /tmp
  7. After pressing Save file removed from /tmp.

This behaviour potentially affects users local anonimity with unencrypted and non-attached to memory system /tmp dirs; and affects users with portable TorBrowser versions. Partially downloaded files will saved in /tmp in the cases of TBB crushes or not completely erased. Will be preferably to isolate TorBrowser activity in user local catalogs only.

Trac:
Username: unknown

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information