[tor-bugs] #21912 [Applications/Tor Browser Sandbox]: Deal with the deprecation of the `hardened` channel.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 12 11:16:15 UTC 2017
#21912: Deal with the deprecation of the `hardened` channel.
----------------------------------------------+-------------------------
Reporter: yawning | Owner: yawning
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser Sandbox | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------+-------------------------
Comment (by boklm):
Replying to [comment:2 yawning]:
> Given the complexity of migrating users seamlessly, I'm going to opt for
a forced reinstall, unless someone manages to convince me otherwise.
>
> Rationale:
> * It's not immediately obvious to me how to detect that a channel
switch has happened from the update metadata
(https://wiki.mozilla.org/Software_Update:updates.xml_Format). This also
applies to the bundle locale.
Yes, it is not possible to detect it from the update metadata. You can
detect it by looking at the file `Browser/defaults/pref/channel-prefs.js`.
The switch will be done with a mar file updating this file and the
`Browser/update-settings.ini` file only.
> * The `sandboxed-tor-browser` update code was not, and is not written
to take into account things like channels changing, or locales
disappearing.
> * It's cleaner in the long run.
>
> I do not know what will happen when the existing `sandboxed-tor-browser`
has a hardened bundle installed and it encounters the update at the
deprecation point. My suspicion is that the update has a good chance of
applying, but it will then fail to detect `libasan.so` and drop the user
back to the config screen repeatedly.
The update modifying the channel preferences files should apply correctly,
but assuming the sandbox updater is not looking at those files to know the
current channel, nothing else will happen and users will stay on the last
hardened version.
> There isn't anything I can do about this now, since code that's out
there is code that's out there.
Yes it seems difficult to do something.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21912#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list