#4234: Investigate the Firefox update process
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: accepted
Type: task | Milestone: TorBrowserBundle 2.3.x-stable
Priority: major | Version:
Component: Tor | Keywords: tbb-bounty, tbb-usability,
Browser | pantheon, chronos, tbb-firefox-
Resolution: | patch,TorBrowserTeam201408,MikePerry201408R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
Ok, I took a look at this, and overall it looks good. I have two questions
though:
In browser/installer/removed-files.in, it looks like you deleted
msvcr100.dll. What is the effect of this and why was it done? Does it
exclude that file from removal/update?
In toolkit/mozapps/update/updater/updater.cpp get_valid_path(), it looks
like you allow symlink updates to specify paths in parent directories? Do
we need to be worried about this? Can it be used by a rogue/broken MAR
file to create symlinks outside of the TBB directory?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4234#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs