[tor-talk] Tor Browser Linux_don't extract to root
Jonathan Marquardt
mail at parckwart.de
Wed Apr 12 08:23:02 UTC 2017
On Tue, Apr 11, 2017 at 02:18:38PM -0500, Joe Btfsplk wrote:
> I'm not "doing" anything with /home permissions - it's Linux defaults.
> AFAIK, once a user logs into their 'nix acct, anything that writes to (most)
> files in /home can do so - w/o any prompting.
I think the confusion comes from the way you phrase this. No, a user cannot
write to "/home", but to "/home/user". That's what you mean, right?
It should look something like this:
$ ls -lah /home/
total 12K
drwxr-xr-x 3 root root 4.0K Dec 23 11:33 .
drwxr-xr-x 24 root root 4.0K Sep 16 2016 ..
drwxr-xr-x 52 user user 4.0K Apr 12 09:15 user
For the rest of this email, I'll assume that you mean "/home/user" when
talking about "/home".
> For browsers - Firefox - that's full access to most things under .mozilla,
> but not Firefox program files - installed elsewhere. In /home, the user is
> the owner & has full r/w/x permissions for most files there - no PW
> required to change files there (once logged in). There're some exceptions
> to that, like .local/keyrings.
Right.
> For TBB extracted to a folder in /home, on files I checked (tor,
> cached-certs, torrc, etc.) - the user is owner & has r/w/(x) permissions by
> default. No PW required - like any document in /home. So anything that
> makes it past basic defenses of the browser, NoScript, etc. - would
> generally have r/w/x permissions on most TBB files in /home - yes?
What? Do you mean like...web pages having access to the files in your home
directory? That's not how web browsers work. A web page should never be able
to just access files on your system. If something like this was possible, it
would be considered an exploit. Not just with TBB, but with any browser.
JavaScript is a sandbox and must be so.
> Conversely, Firefox installed to /usr & other protected directories that
> most installed apps use, by default the user or anything making it onto the
> computer don't have w/x permissions for those "program files." Yes? That's
> part of Linux overall security.
Right, as long as you don't talk about web pages. They don't have any file
access in general.
> Maybe I'm missing something. Tor Project goes to great lengths to provide
> uncompromised TBB copies & ways to verify them, but at least in Linux -
> advises putting it in the least secure area, so it can update automatically
> with one click? (because TBB wasn't installed via a Linux software manager
> & therefore automatic updates wouldn't be allowed). Seems like that's in
> opposition to all the other TBB security efforts.
>
> When Linux users choose to D/L the latest release from mozilla & install to
> /opt or /usr/local, it won't update automatically or w/ a click, AFAIK.
> Unless you change ownership / permissions of those directories - which I've
> read is a bad idea, security wise. (I'm not sure the D/L Linux Fx ver has
> "update now" available in about:firefox, anyway).
>
> But, for Fx or Tbird in /opt you can install update files from Mozilla
> easily enough using sudo. It takes typing a few characters vs. one click.
Both methods (putting apps into global dirs vs. putting them into home dirs)
have their own advantages and disadvantages. With globally installed apps, you
can install updates for every user simultaneously and it saves disk space. On
the other hand, it requires a privileged user to always keep stuff
up-to-date, whereas with the other method, non-privileged users can perform
their own updates themselves. You need to keep in mind that there are many
multi-user systems out there, where some users simply don't have root/sudo
permissions.
--
4096R/1224DBD299A4F5F3
47BC 7DE8 3D46 2E8B ED18 AA86 1224 DBD2 99A4 F5F3
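
The ownership split discussed in this thread (files under /home/user owned by the user, program files under /usr owned by root) can be checked directly on a tree. The script below is an added example, not part of the original email; the function names and the sample tree with its file names are constructed for illustration, and group write access is not evaluated.

```shell
#!/bin/sh
# Added example: list what a process running as a given UID could modify
# under a directory tree without any privilege escalation.
# An entry counts if that UID owns it (an owner can always chmod its own
# file writable again) or if it is world-writable. Symlinks are skipped
# because their mode bits are not meaningful.

# modifiable_by UID DIR -> one path per line
modifiable_by() {
    uid=$1
    dir=$2
    find "$dir" \( -user "$uid" -o -perm -0002 \) ! -type l -print
}

# count_modifiable UID DIR -> number of such entries
# (assumes no newlines in file names, which holds for the sample tree)
count_modifiable() {
    modifiable_by "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample tree standing in for a bundle extracted by a user.
# Prints the path of the new tree: 3 directories and 2 files, 5 entries.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/app/data"
    : > "$root/app/browser"
    : > "$root/app/data/torrc"
    chmod 0755 "$root/app/browser"
    chmod 0644 "$root/app/data/torrc"
    # Remove group/world write so the result does not depend on the umask.
    chmod -R go-w "$root"
    printf '%s\n' "$root"
}

# Usage: script.sh UID DIR   e.g.  script.sh "$(id -u)" /usr/lib/firefox
if [ "$#" -eq 2 ]; then
    modifiable_by "$1" "$2"
fi
```

Run against a user-extracted directory with your own UID, every entry is listed; run against a root-owned install directory, the output should be empty unless something there is world-writable.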