[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 12 20:16:37 UTC 2014
#13379: Sign our MAR files
-----------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by mcs):
I have a design question. The new updater binary has a dependency on
various shared libraries that are bundled with the browser (libnss3.so,
libnspr4.so, etc.) On Windows, these libraries are found by the OS when
the updater is started because of the fix we made for #13594.
On Mac OS and Linux, the libraries won't be found. Possible solutions:
(1) Modify the browser to set LD_LIBRARY_PATH before launching the
updater. This means that while it is running, the updater would use
libraries that are possibly going to be updated. I think that is OK
because both Linux and Mac OS allow rename and unlink on an open file.
(2) Modify the browser to copy all of the required shared libraries when
it makes a copy of the updater binary itself (i.e., we would extend the
code here to do more: https://gitweb.torproject.org/tor-
browser.git/blob/2822ccdb6d00b563413a285fe63488ab2ca7b460:/toolkit/xre/nsUpdateDriver.cpp#l385
). To do this, we would need to embed a list of shared libraries inside
the browser (which we would then have to maintain).
Kathy and I prefer solution (1) unless someone sees a problem with that
approach. Comments?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list