[tor-bugs] #28678 [Applications]: Tor on windows needs to be installed and operated insecurely in user home directory

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Dec 1 15:30:42 UTC 2018


#28678: Tor on windows needs to be installed and operated insecurely in user home
directory
--------------------+------------------------------
 Reporter:  db      |          Owner:  (none)
     Type:  defect  |         Status:  new
 Priority:  Medium  |      Component:  Applications
  Version:          |       Severity:  Major
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
 Reviewer:          |        Sponsor:
--------------------+------------------------------
 On Windows platforms, it appears that Tor needs to be installed in a
 user's home directory. Executable files that need network access should be
 installed in %PROGRAMFILES%. Why? Files in a user directory are more
 likely to be infected, malware, etc. On secure unix systems, for example,
 it is not uncommon for there to be no allowed executables in $HOME.

 Can you install into %PROGRAMFILES%?

 You can install tor there, yes, but it does not function. The browser,
 firefox.exe, complains with:

 "Tor Browser does not have permission to access the profile. Please adjust
 your file system permissions and try again."

 In https://trac.torproject.org/projects/tor/ticket/17929, the advice given
 is to re-install Tor and the problem will go away. I'm sorry but every
 time I remove and re-install Tor I get the above error message.

 If I start it like this:

 "C:\Program Files\Tor Browser\Browser\firefox.exe" /profile
 %APPDATA%/tor/profile

 If I didn't know better, the contents of "Tor
 Browser\Browser\TorBrowser\Data\Browser\profile.default" need to be in
 %APPDATA%/tor/profile.

 But that's not enough. For some reason firefox wants to create this file:

 %PROGRAMFILES%\Tor Browser\Browser\TorBrowser\Tor\torrcc-defaults

 Curiously, the "Process Monitor" (sysinternals) reports a number of
 "Buffer Overflow" results for calls to "QueryAllInformationFile" from
 firefox.exe.

 Anyway...

 The above "torcc-defaults" file is not created by the installer, it needs
 to be created manually as follows:
 1) create "torcc"file in %APPDATA%\tor
 2) copy content to it from
 https://github.com/jessfraz/dockerfiles/blob/master/tor-
 proxy/torrc.default
 3) copy "torcc" file to "%PROGRAMFILES%\Tor
 Browser\Browser\TorBrowser\Tor"
 4) rename "torcc" to "torcc-defaults"

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28678>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list