[tor-bugs] #13594 [Tor Browser]: Tor Browser Bundle 4.0: updater fails on Windows
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 29 16:32:41 UTC 2014
#13594: Tor Browser Bundle 4.0: updater fails on Windows
-----------------------------+----------------------
Reporter: marc | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------
Comment (by cypherpunks):
> and no ways to bypass it.
It changes PATH environment variable.
What for PATH in Tor Browser? What if to change [https://mxr.mozilla.org
/mozilla-esr31/source/toolkit/xre/nsWindowsWMain.cpp#80 call of ]
SanitizeEnvironmentVariables (or directly [https://mxr.mozilla.org
/mozilla-esr31/source/xpcom/base/nsSetDllDirectory.h#19
SanitizeEnvironmentVariables], to clear PATH and to fill it by:
1. The directory from which Tor Browser loaded.
2. The system directory. Use the GetSystemDirectory function to get the
path of this directory.
3. The Windows directory. Use the GetWindowsDirectory function to get the
path of this directory.
It allows to protect against injected paths and fixes `updater.exe`
without extra voodoo or copying of need dlls to need dir.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13594#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list