Re: [tor-bugs] #30126 [Applications/Tor Browser]: Make Tor Browser on macOS compatible with Apple's notarization
#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201908 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by ha):
Are the entitlement files Tor plans to use available online somewhere to
look at?
If you're using the Firefox production entitlements as a starting point,
you might be able to change some rules to be more restrictive.
Assuming Tor only loads shared libraries signed by Tor or Apple, you
should be able to set the disable library validation entitlement[1] to
false. Firefox needs to load libraries signed by Adobe and Google for
Flash and Widevine video decoding respectively.
com.apple.security.cs.disable-library-validation=false
In Firefox, we had to recently set this[2] to true because some
WebExtensions using the native message API relied on helper applications
that use Apple Events. I suspect Tor wouldn't need this and could set the
entitlement to false.
com.apple.security.automation.apple-events=false
1. https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation
2. https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_automation_apple-events
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:40>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
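
The following is an added example, not part of the message above and not code from Tor or Mozilla: a small check that parses an entitlements plist and reports which of the two entitlements named in the comment are enabled. The sample plists are constructed for illustration; `com.apple.security.cs.allow-jit` is included only as an unrelated key the check ignores.

```python
import plistlib

# The two entitlements the comment suggests could stay false, each with the
# hardened-runtime protection it relaxes when set to true.
RELAXING = {
    "com.apple.security.cs.disable-library-validation":
        "allows loading libraries not signed by the app's team or Apple",
    "com.apple.security.automation.apple-events":
        "allows sending Apple Events to other applications",
}

HEAD = b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>\n'
TAIL = b"</dict></plist>\n"
# Constructed samples (not the real Firefox or Tor Browser entitlement files).
FIREFOX_STYLE = HEAD + b"""\
<key>com.apple.security.cs.disable-library-validation</key><true/>
<key>com.apple.security.automation.apple-events</key><true/>
<key>com.apple.security.cs.allow-jit</key><true/>
""" + TAIL
RESTRICTIVE = HEAD + b"""\
<key>com.apple.security.cs.disable-library-validation</key><false/>
<key>com.apple.security.cs.allow-jit</key><true/>
""" + TAIL

def audit_entitlements(plist_bytes):
    """Return {key: finding} for each relaxing entitlement that is enabled.

    A key that is absent or false leaves the hardened-runtime default in
    place, so it produces no finding.
    """
    ents = plistlib.loads(plist_bytes)
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must have a <dict> root")
    findings = {}
    for key, reason in RELAXING.items():
        value = ents.get(key, False)
        if not isinstance(value, bool):
            # These entitlements are booleans; flag anything else for review.
            findings[key] = f"non-boolean value {value!r}"
        elif value:
            findings[key] = reason
    return findings

if __name__ == "__main__":
    for name, blob in (("firefox-style", FIREFOX_STYLE), ("restrictive", RESTRICTIVE)):
        print(name, audit_entitlements(blob) or "OK")
```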