[tor-talk] Tor Browser Linux_don't extract to root

Joe Btfsplk joebtfsplk at gmx.com
Tue Apr 11 19:18:38 UTC 2017


On 04/11/2017 03:47 AM, Jonathan Marquardt wrote:
> On Mon, Apr 10, 2017 at 07:11:48PM -0500, Joe Btfsplk wrote:
>> What is the reason(s) the TBB instructions say do not install (extract) TBB
>> to root?
>> Is it so the TBB files will be in a location where the user has write
>> permissions, so that TBB updates can automatically  D/L and install?
> Yes, that's the biggest advantage, I think. We don’t want superold versions of
> TBB to be used, do we?
>   
>> Other than that, does installing TBB to a location where anyone / anything
>> has full r/w/x permissions (like in /home), weaken the security of Linux,
>> compared to packages installed via a distro's software manager?
> If "anyone / anything has full r/w/x permissions" in /home on your system,
> you're doing something very wrong. Only the individual users should have write
> permissions in their own home directories. On a multi-user system it is also a
> good idea to give "world" zero permissions in your user home directory so no
> other users can read your files.
>
Thanks.  I may be missing something here.  Anyone feel free to correct 
me where I'm wrong.
I'm not "doing" anything with /home permissions - it's Linux defaults.  
AFAIK, once a user logs into their 'nix acct, anything that writes to 
(most) files in /home can do so - w/o any prompting.

For browsers - Firefox - that's full access to most things under 
.mozilla, but not Firefox program files - installed elsewhere.  In 
/home, the user is the owner & has full r/w/x permissions for most  
files there - no PW required to change files there (once logged in).  
There're some exceptions to that, like .local/keyrings.

For TBB extracted to a folder in /home, on files I checked (tor, 
cached-certs, torrc, etc.) - the user is owner & has r/w/(x) permissions 
by default.  No PW required - like any document in /home.  So anything 
that makes it past basic defenses of the browser, NoScript, etc. - would 
generally have r/w/x permissions on most TBB files in /home - yes?

Conversely, Firefox installed to /usr & other protected directories that 
most installed apps use, by default the user or anything making it onto 
the computer don't have w/x permissions for those "program files."  
Yes?  That's part of Linux overall security.

Maybe I'm missing something.  Tor Project goes to great lengths to 
provide uncompromised TBB copies & ways to verify them, but at least in 
Linux - advises putting it in the least secure area, so  it can update 
automatically with one click?  (because TBB wasn't installed via a Linux 
software manager & therefore automatic updates wouldn't be allowed).  
Seems like that's in opposition to all the other TBB security efforts.

When Linux users choose to D/L the latest release from mozilla & install 
to /opt or /usr/local, it won't update automatically or w/ a  click, 
AFAIK.  Unless you change ownership / permissions of those directories - 
which I've read is a bad idea, security wise.  (I'm not sure the D/L 
Linux Fx ver has "update now" available in about:firefox, anyway).

But, for Fx or Tbird in /opt you can install update files from Mozilla 
easily enough using sudo.  It takes typing a few characters vs. one click.


More information about the tor-talk mailing list