[tor-talk] Tor Browser Linux_don't extract to root

Joe Btfsplk joebtfsplk at gmx.com
Wed Apr 12 22:32:14 UTC 2017 


On 04/12/2017 03:23 AM, Jonathan Marquardt wrote:
> Both methods (putting apps into global dirs vs. putting them into home 
> dirs)
> have their own advantages and disadvantages.
>
Jonathan - thanks.  Other than automatically updating, what are the 
advantages of installing to /home/user - or somewhere not root owned?
The other main disadvantage is, it makes TBB program files easily 
accessible to malware, or anyone / thing w/ access to your machine, 
after the user logs on.

Yes - technically /home/user.  There is a separate "/home" under System 
Files, but if there's only one user acct, then it contains the same 
folders as clicking /home/user.  AFAIK, for single user acct setup, the 
only things under "/home" are user files & settings.  Most  accessible 
by the acct user w/o a PW.

No, I don't mean "ordinary, non-malicious stuff" D/L through TBB. TBB 
isn't 100% bullet proof - nor any other app.  I mean malicious things 
that could slip by, even via zero days.  Zero days - maybe unlikely.  
Other methods - apparently not terribly difficult.

That's why I said, "So anything that makes it past basic defenses of the 
browser, NoScript, etc. - would
generally have r/w/x permissions on most TBB files in /home(/user)."
I assumed that was clear it implied malware, or a malicious sites, or 
adversary - say, trying to modify TBB program files, etc.  Not ordinary 
websites, following the rules.

Again, IIUC, "malware" making it past browser & NoScript defenses and AV 
- if using one,  has far easier access to TBB program files than apps 
installed to  limited permissions directories.  TBB files are less 
protected than a normal browser installed from repositories, or even 
installed manually to say, /opt.
That's the part I don't understand - why TorProject seems to encourage 
lessening some of Linux security, rather than increasing it.

Perhaps if Tor Project doesn't want to set up a PPA (and guard, monitor 
it) - so TBB can auto-update, they should include a sort of "Tor / TBB 
file checker" - to monitor for changed files that shouldn't change, 
unless from updates.
Seems logical to create a PPA.  They could / should check signatures - 
automatically - when the updates / installs finish downloading from the 
PPA, before installing.

More information about the tor-talk mailing list