[tor-bugs] #31022 [Core Tor/Tor]: Tor's windows "--service install" should warn if it installs on a global writeable path
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 28 14:29:54 UTC 2019
#31022: Tor's windows "--service install" should warn if it installs on a global
writeable path
-------------------------------------------+-------------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.4.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: hackerone bug-bounty security | Actual Points:
Parent ID: | Points: 0.3
Reviewer: | Sponsor:
-------------------------------------------+-------------------------------
Comment (by cypherpunks):
> The Tor service runs under `NT authority\local service` account, so if
an admin unzips tor.exe into a folder that is writable by non-admin users
(e.g. C:\tor), then
fire that admin.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31022#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list