[tbb-bugs] #27220 [Applications/Tor Browser]: Allow TBA to install tor button, tor launcher and https everywhere extensions without signatures

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 21 01:37:41 UTC 2018 

#27220: Allow TBA to  install tor button, tor launcher and https everywhere
extensions without signatures
--------------------------------------+------------------------------
 Reporter:  igt0                      |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+------------------------------

Comment (by sysrqb):

 Replying to [comment:8 igt0]:
 > The issue is not about signatures anymore. Looks like there is a race
 condition in the addons code. If i close the browser and open again. The
 addon is loaded.

 Ah, I see, the patch is good. [https://gitweb.torproject.org/tor-
 browser.git/tree/toolkit/mozapps/extensions/internal/XPIInstall.jsm?h=tor-
 browser-60.1.0esr-8.0-1#n1533 loadManifest()] =>
 [https://gitweb.torproject.org/tor-
 browser.git/tree/toolkit/mozapps/extensions/internal/XPIInstall.jsm?h=tor-
 browser-60.1.0esr-8.0-1#n878 loadManifestFromZipReader()] =>
 [https://gitweb.torproject.org/tor-
 browser.git/tree/toolkit/mozapps/extensions/internal/XPIInstall.jsm?h=tor-
 browser-60.1.0esr-8.0-1#n1058 verifyZipSignedState()] =>
 [https://gitweb.torproject.org/tor-
 browser.git/tree/toolkit/mozapps/extensions/internal/XPIInstall.jsm?h=tor-
 browser-60.1.0esr-8.0-1#n1031 shouldVerifySignedState()].

 `verifyZipSignedState()` sets
 {{{
 signedState: AddonManager.SIGNEDSTATE_NOT_REQUIRED
 }}}
 (where `AddonManager`.`SIGNEDSTATE_NOT_REQUIRED` has value `undefined`),
 so the inner conditional block isn't executed:
 {{{
     if (mustSign(this.addon.type)) {
       if (this.addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) {
         [...]

         if (state == AddonManager.SIGNEDSTATE_MISSING)
           return Promise.reject([AddonManager.ERROR_SIGNEDSTATE_REQUIRED,
                                  "signature is required but missing"]);

        [...]
       }
     }
 }}}

 As for the race condition, I don't think that's true. I think that is
 because torbutton isn't a restartless extension. It requires restarting
 after installation. I don't think there's anyway way we can prevent this.
 I wonder if we can force a restart (semi-transparently) at the end of the
 firstrun onboarding screen.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27220#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list