[tor-bugs] #21940 [Applications/Tor Browser]: OSX updater: consider disabling privilege escalation

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 11 18:35:49 UTC 2017


#21940: OSX updater: consider disabling privilege escalation
-------------------------------------------------+-------------------------
 Reporter:  mcs                                  |          Owner:  mcs
     Type:  defect                               |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,              |  Actual Points:
  TorBrowserTeam201705                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by mcs):

 * owner:  tbb-team => mcs
 * cc: arthuredelstein, boklm (added)
 * status:  new => assigned


Comment:

 Replying to [comment:7 gk]:
 > So, do we think the risk of privilege escalation support is worth it? If
 not, how much work would it be to "back" this out?

 Sorry for the delayed response. Kathy and I have been working on a patch
 to disable the OSX elevation code, similar to what we do on Windows (a
 complete back out of the Mozilla patches that added this feature would be
 quite painful). Changing the code as little as possible while still
 achieving the correct error reporting behavior turned out to be a little
 tricky, but I think we have a good patch now. We will post it here as soon
 as we finish one more round of testing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21940#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list