[tbb-commits] [tor-browser/tor-browser-52.1.0esr-7.0-2] fixup! Bug #4234: Use the Firefox Update Process for Tor Browser.
gk at torproject.org
gk at torproject.org
Fri May 12 21:04:22 UTC 2017
commit d5211d99de2f37fc3e21329fd32fe80bcc663d37
Author: Kathy Brade <brade at pearlcrescent.com>
Date: Thu May 11 15:37:54 2017 -0400
fixup! Bug #4234: Use the Firefox Update Process for Tor Browser.
Disable the updater's OSX privilege elevation feature. If the user
does not have write permission to the .app directory, they will be
prompted to download a new copy of the browser. Fixes bug 21940.
As defense-in-depth measures, we also removed the code that is
used by Firefox to launch an OSX process with administrator privileges
as well as the extra copy of the updater executable that was located
under TorBrowser.app/Contents/Library/LaunchServices/.
---
browser/app/Makefile.in | 3 +++
browser/installer/package-manifest.in | 2 ++
toolkit/mozapps/update/nsUpdateService.js | 10 ++++++++++
toolkit/mozapps/update/updater/launchchild_osx.mm | 2 ++
toolkit/mozapps/update/updater/updater.cpp | 10 ++++++++++
toolkit/xre/MacLaunchHelper.h | 2 ++
toolkit/xre/MacLaunchHelper.mm | 2 ++
toolkit/xre/nsUpdateDriver.cpp | 4 ++++
8 files changed, 35 insertions(+)
diff --git a/browser/app/Makefile.in b/browser/app/Makefile.in
index 1fe7676..1fbdc1e 100644
--- a/browser/app/Makefile.in
+++ b/browser/app/Makefile.in
@@ -86,9 +86,12 @@ tools repackage:: $(DIST)/bin/$(MOZ_APP_NAME)
$(RM) $(dist_dest)/Contents/MacOS/$(MOZ_APP_NAME)
rsync -aL $(DIST)/bin/$(MOZ_APP_NAME) $(dist_dest)/Contents/MacOS
cp -RL $(DIST)/branding/firefox.icns $(dist_dest)/Contents/Resources/firefox.icns
+
cp -RL $(DIST)/branding/document.icns $(dist_dest)/Contents/Resources/document.icns
+ifndef TOR_BROWSER_UPDATE
$(MKDIR) -p $(dist_dest)/Contents/Library/LaunchServices
mv -f $(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater $(dist_dest)/Contents/Library/LaunchServices
ln -s ../../../../Library/LaunchServices/org.mozilla.updater $(dist_dest)/Contents/MacOS/updater.app/Contents/MacOS/org.mozilla.updater
+endif
printf APPLTORB > $(dist_dest)/Contents/PkgInfo
endif
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
index 8192f93..43c89a9 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -35,7 +35,9 @@
#ifdef XP_MACOSX
; Mac bundle stuff
@APPNAME@/Contents/Info.plist
+#ifndef TOR_BROWSER_UPDATE
@APPNAME@/Contents/Library/LaunchServices
+#endif
@APPNAME@/Contents/PkgInfo
@RESPATH@/firefox.icns
@RESPATH@/document.icns
diff --git a/toolkit/mozapps/update/nsUpdateService.js b/toolkit/mozapps/update/nsUpdateService.js
index 8abc55a..59c36e8 100644
--- a/toolkit/mozapps/update/nsUpdateService.js
+++ b/toolkit/mozapps/update/nsUpdateService.js
@@ -378,6 +378,11 @@ function areDirectoryEntriesWriteable(aDir) {
* @return true if elevation is required, false otherwise
*/
function getElevationRequired() {
+#if defined(TOR_BROWSER_UPDATE)
+ // To avoid potential security holes associated with running the updater
+ // process with elevated privileges, Tor Browser does not support elevation.
+ return false;
+#else
if (AppConstants.platform != "macosx") {
return false;
}
@@ -401,6 +406,7 @@ function getElevationRequired() {
LOG("getElevationRequired - able to write to application bundle, elevation " +
"not required");
return false;
+#endif
}
/**
@@ -1203,6 +1209,9 @@ function handleUpdateFailure(update, errorCode) {
cancelations++;
Services.prefs.setIntPref(PREF_APP_UPDATE_CANCELATIONS, cancelations);
if (AppConstants.platform == "macosx") {
+#if defined(TOR_BROWSER_UPDATE)
+ cleanupActiveUpdate();
+#else
let osxCancelations = getPref("getIntPref",
PREF_APP_UPDATE_CANCELATIONS_OSX, 0);
osxCancelations++;
@@ -1219,6 +1228,7 @@ function handleUpdateFailure(update, errorCode) {
writeStatusFile(getUpdatesDir(),
update.state = STATE_PENDING_ELEVATE);
}
+#endif
update.statusText = gUpdateBundle.GetStringFromName("elevationFailure");
update.QueryInterface(Ci.nsIWritablePropertyBag);
update.setProperty("patchingFailed", "elevationFailure");
diff --git a/toolkit/mozapps/update/updater/launchchild_osx.mm b/toolkit/mozapps/update/updater/launchchild_osx.mm
index 97e31b9..749cb1f 100644
--- a/toolkit/mozapps/update/updater/launchchild_osx.mm
+++ b/toolkit/mozapps/update/updater/launchchild_osx.mm
@@ -284,6 +284,7 @@ bool ObtainUpdaterArguments(int* argc, char*** argv)
@end
+#ifndef TOR_BROWSER_UPDATE
bool ServeElevatedUpdate(int argc, const char** argv)
{
MacAutoreleasePool pool;
@@ -300,6 +301,7 @@ bool ServeElevatedUpdate(int argc, const char** argv)
[updater release];
return didSucceed;
}
+#endif
bool IsOwnedByGroupAdmin(const char* aAppBundle)
{
diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
index 1bc4867..bf4a4bb 100644
--- a/toolkit/mozapps/update/updater/updater.cpp
+++ b/toolkit/mozapps/update/updater/updater.cpp
@@ -83,7 +83,9 @@ bool IsRecursivelyWritable(const char* aPath);
void LaunchChild(int argc, const char** argv);
void LaunchMacPostProcess(const char* aAppBundle);
bool ObtainUpdaterArguments(int* argc, char*** argv);
+#ifndef TOR_BROWSER_UPDATE
bool ServeElevatedUpdate(int argc, const char** argv);
+#endif
void SetGroupOwnershipAndPermissions(const char* aAppBundle);
struct UpdateServerThreadArgs
{
@@ -2913,11 +2915,15 @@ UpdateThreadFunc(void *param)
static void
ServeElevatedUpdateThreadFunc(void* param)
{
+#ifdef TOR_BROWSER_UPDATE
+ WriteStatusFile(ELEVATION_CANCELED);
+#else
UpdateServerThreadArgs* threadArgs = (UpdateServerThreadArgs*)param;
gSucceeded = ServeElevatedUpdate(threadArgs->argc, threadArgs->argv);
if (!gSucceeded) {
WriteStatusFile(ELEVATION_CANCELED);
}
+#endif
QuitProgressUI();
}
@@ -2986,7 +2992,11 @@ int NS_main(int argc, NS_tchar **argv)
#ifdef XP_MACOSX
bool isElevated =
+#ifdef TOR_BROWSER_UPDATE
+ false;
+#else
strstr(argv[0], "/Library/PrivilegedHelperTools/org.mozilla.updater") != 0;
+#endif
if (isElevated) {
if (!ObtainUpdaterArguments(&argc, &argv)) {
// Won't actually get here because ObtainUpdaterArguments will terminate
diff --git a/toolkit/xre/MacLaunchHelper.h b/toolkit/xre/MacLaunchHelper.h
index 08035c5..46e1570 100644
--- a/toolkit/xre/MacLaunchHelper.h
+++ b/toolkit/xre/MacLaunchHelper.h
@@ -17,7 +17,9 @@ extern "C" {
* pid of the terminated process to confirm that it executed successfully.
*/
void LaunchChildMac(int aArgc, char** aArgv, pid_t* aPid = 0);
+#ifndef TOR_BROWSER_UPDATE
bool LaunchElevatedUpdate(int aArgc, char** aArgv, pid_t* aPid = 0);
+#endif
}
#endif
diff --git a/toolkit/xre/MacLaunchHelper.mm b/toolkit/xre/MacLaunchHelper.mm
index 0dadb8d..84e28a4 100644
--- a/toolkit/xre/MacLaunchHelper.mm
+++ b/toolkit/xre/MacLaunchHelper.mm
@@ -43,6 +43,7 @@ void LaunchChildMac(int aArgc, char** aArgv, pid_t* aPid)
}
}
+#ifndef TOR_BROWSER_UPDATE
BOOL InstallPrivilegedHelper()
{
AuthorizationRef authRef = NULL;
@@ -135,3 +136,4 @@ bool LaunchElevatedUpdate(int aArgc, char** aArgv, pid_t* aPid)
}
return didSucceed;
}
+#endif
diff --git a/toolkit/xre/nsUpdateDriver.cpp b/toolkit/xre/nsUpdateDriver.cpp
index 3abbf7f..b87c84e 100644
--- a/toolkit/xre/nsUpdateDriver.cpp
+++ b/toolkit/xre/nsUpdateDriver.cpp
@@ -1114,6 +1114,7 @@ ApplyUpdate(nsIFile *greDir, nsIFile *updateDir, nsIFile *statusFile,
#ifdef DEBUG
dump_argv("ApplyUpdate after SetupMacCommandLine", argv, argc);
#endif
+#ifndef TOR_BROWSER_UPDATE
// We need to detect whether elevation is required for this update. This can
// occur when an admin user installs the application, but another admin
// user attempts to update (see bug 394984).
@@ -1124,12 +1125,15 @@ ApplyUpdate(nsIFile *greDir, nsIFile *updateDir, nsIFile *statusFile,
}
exit(0);
} else {
+#endif
if (restart) {
LaunchChildMac(argc, argv);
exit(0);
}
LaunchChildMac(argc, argv, outpid);
+#ifndef TOR_BROWSER_UPDATE
}
+#endif
#else
*outpid = PR_CreateProcess(updaterPath.get(), argv, nullptr, nullptr);
if (restart) {
More information about the tbb-commits
mailing list