[tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disable privilege escalation
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 13 20:54:14 UTC 2017
#21940: OSX updater: consider disable privilege escalation
-------------------------------------------------+-------------------------
Reporter: mcs | Owner: tbb-
| team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-7.0-must, | Actual Points:
TorBrowserTeam201704 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [ticket:21940 mcs]:
> In Firefox 52 (since 49), the Firefox updater will attempt to gain
elevated privileges on OSX if necessary to apply an update.
If necessary. That's great.
> On Windows, we disabled similar code
Not good. (You even disabled updater's helper for staged updates.)
> because (1) most Windows users probably do not install Tor Browser in a
directory that requires admin privileges
Most users do not install Tor Browser, because it is portable. But if they
want to install it locally like on macOS, you've disabled that...
> and (2) we did not want to audit the code (e.g., we did not want there
to be a chance that someone could be tricked into granting more
privileges, perhaps due to malware that took advantage of another security
bug).
in updater or where?
> On OSX the situation is a little different because we do encourage
people to drop TorBrowser.app into /Applications, which does require admin
privileges.
Installed instead Portable. It is bad.
> I personally use an account on OSX that has Admin privileges at all
times, so updates work fine for me with TB 6.x and earlier... but that is
not considered best security practice on OSX
No comments.
> (actually, I usually do not install TB in /Applications at all because I
keep several versions around to make it easier to triage bugs).
Portable. That's good. (Hint: TB is Thunderbird.)
> Cc: Tim and Linda who may also have some thoughts on this. To be sure,
there is a security vs. usability tradeoff here.
Yawning's sandbox for security. Usability aspect here is that many users
want to make TBB the default web browser, also to make it more secure to
open web content from any app, and as a part of that, there is the need to
install TBB as usual app, usually to the default location which usually
needs admin privileges on any OS.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21940#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list