[tor-bugs] #4234 [Tor Browser]: Investigate the Firefox update process
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 26 01:59:51 UTC 2014
#4234: Investigate the Firefox update process
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: accepted
Type: task | Milestone: TorBrowserBundle 2.3.x-stable
Priority: major | Version:
Component: Tor | Keywords: tbb-bounty, tbb-usability,
Browser | pantheon, chronos, tbb-firefox-
Resolution: | patch,TorBrowserTeam201408,MikePerry201408R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
Ok, I took a look at this, and overall it looks good. I have two questions
though:
In browser/installer/removed-files.in, it looks like you deleted
msvcr100.dll. What is the effect of this and why was it done? Does it
exclude that file from removal/update?
In toolkit/mozapps/update/updater/updater.cpp get_valid_path(), it looks
like you allow symlink updates to specify paths in parent directories? Do
we need to be worried about this? Can it be used by a rogue/broken MAR
file to create symlinks outside of the TBB directory?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4234#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list