[tor-bugs] #26212 [Applications/Tor Browser]: Use digital signature verification to prevent modification of omni.ja

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 29 08:47:34 UTC 2018 

#26212: Use digital signature verification to prevent modification of omni.ja
--------------------------------------+-----------------------------------
 Reporter:  indigotime                |          Owner:  tbb-team
     Type:  enhancement               |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------
Changes (by gk):

 * status:  new => needs_information


Comment:

 Replying to [ticket:26212 indigotime]:
 > Since omni.ja is an ordinary zip archive, anyone can easily inject a
 backdoor into it and redistribute modified version of Tor Browser. So,
 it's need to use digital signature to prevent modification of both omni.ja
 files.

 Could you explain a bit more your attack scenario? It seems you are not
 worried about some attacker modifying the `omni.ja` files *locally* so
 that users on that system execute malware. Rather you seem to be worried
 about an attacker taking one our our bundles (e.g. the Linux one),
 extracting the `omni.ja` files, inserting a backdoor and then
 redistributing that as Tor Browser? Is that reading of your bug report
 correct?

 If so, what prevents anyone from just stripping that signature before
 modifying both files (or just one of them)? And why just the `omni.ja`
 files because the Firefox binary or any library could get corrupted as
 well serving malware? And as a side-effect: messing with those files will
 invalidate the GPG signature.

 So, I am not seeing how we win anything by deploying some elaborate
 signature scheme for omni.ja files.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26212#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list