Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #21940

Closed (moved)
Open
Opened Apr 13, 2017 by Mark Smith@mcs

OSX updater: consider disabling privilege escalation

In Firefox 52 (since 49), the Firefox updater will attempt to gain elevated privileges on OSX if necessary to apply an update. See: https://bugzilla.mozilla.org/show_bug.cgi?id=394984

So far I have not tested this with an ESR52-based Tor Browser, but we should decide whether we want to leave this feature enabled or remove it before the first stable release of Tor Browser 7.0.

On Windows, we disabled similar code because (1) most Windows users probably do not install Tor Browser in a directory that requires admin privileges and (2) we did not want to audit the code (e.g., we did not want there to be a chance that someone could be tricked into granting more privileges, perhaps due to malware that took advantage of another security bug).

On OSX the situation is a little different because we do encourage people to drop TorBrowser.app into /Applications, which does require admin privileges. I personally use an account on OSX that has Admin privileges at all times, so updates work fine for me with TB 6.x and earlier... but that is not considered best security practice on OSX (actually, I usually do not install TB in /Applications at all because I keep several versions around to make it easier to triage bugs).

Cc: Tim and Linda who may also have some thoughts on this. To be sure, there is a security vs. usability tradeoff here.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#21940