[tor-bugs] #13379 [Tor Browser]: Sign our MAR files

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 12 20:16:37 UTC 2014


#13379: Sign our MAR files
-----------------------------+--------------------------
     Reporter:  mikeperry    |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  major        |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-security
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------

Comment (by mcs):

 I have a design question.  The new updater binary has a dependency on
 various shared libraries that are bundled with the browser (libnss3.so,
 libnspr4.so, etc.)  On Windows, these libraries are found by the OS when
 the updater is started because of the fix we made for #13594.

 On Mac OS and Linux, the libraries won't be found.  Possible solutions:

 (1) Modify the browser to set LD_LIBRARY_PATH before launching the
 updater.  This means that while it is running, the updater would use
 libraries that are possibly going to be updated.  I think that is OK
 because both Linux and Mac OS allow rename and unlink on an open file.

 (2) Modify the browser to copy all of the required shared libraries when
 it makes a copy of the updater binary itself (i.e., we would extend the
 code here to do more: https://gitweb.torproject.org/tor-
 browser.git/blob/2822ccdb6d00b563413a285fe63488ab2ca7b460:/toolkit/xre/nsUpdateDriver.cpp#l385
 ).  To do this, we would need to embed a list of shared libraries inside
 the browser (which we would then have to maintain).

 Kathy and I prefer solution (1) unless someone sees a problem with that
 approach.  Comments?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list