[tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 14 12:35:08 UTC 2015
#3861: begin signing Windows packages the Windows way
-------------------------------------+-------------------------------------
Reporter: erinn | Owner: gk
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Tor | Version:
bundles/installation | Keywords: tbb-3.0, tbb-security,
Resolution: fixed | tbb-usability-stoppoint-app,
Actual Points: | tbb-4.5-alpha
Points: | Parent ID:
-------------------------------------+-------------------------------------
Comment (by gk):
Replying to [comment:28 starlight]:
> Many file not signed. Does not run with AppLocker "publisher" rule.
>
> Incomplete sample of unsigned files:
>
> {{{
> AppData\Local\Temp\nsf4B85.tmp\LangDLL.dll
> AppData\Local\Temp\nsh8E95.tmp\nsDialogs.dll
> AppData\Local\Temp\nsh8E95.tmp\System.dll
>
> Tor_Browser-4.5a5\Browser\firefox.exe
> Tor_Browser-4.5a5\Browser\mozalloc.dll
> Tor_Browser-4.5a5\Browser\mozglue.dll
> Tor_Browser-4.5a5\Browser\gkmedias.dll
> Tor_Browser-4.5a5\Browser\mozjs.dll
> Tor_Browser-4.5a5\Browser\xul.dll
> Tor_Browser-4.5a5\Browser\browser\components\browsercomps.dll
> Tor_Browser-4.5a5\Browser\TorBrowser\Tor\tor.exe
>
> }}}
Hmm... Tor Browser does not work with the default AppLocker configuration
either, see: https://bugzilla.mozilla.org/show_bug.cgi?id=902771. But it
would work with the secure file hash configuration. Maybe that is a good
idea anyway if one has high security in mind and is trying to get that via
AppLocker. I created #15687 to think about what we want to support.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list