
Re: [tor-talk] Tor Browser Linux_don't extract to root



On Tue, Apr 11, 2017 at 02:18:38PM -0500, Joe Btfsplk wrote:
> I'm not "doing" anything with /home permissions - it's Linux defaults.
> AFAIK, once a user logs into their 'nix acct, anything that writes to (most)
> files in /home can do so - w/o any prompting.

I think the confusion comes from the way you phrase this. No, a user cannot 
write to "/home", but to "/home/user". That's what you mean, right?

It should look something like this:

$ ls -lah /home/
total 12K
drwxr-xr-x  3 root      root      4.0K Dec 23 11:33 .
drwxr-xr-x 24 root      root      4.0K Sep 16  2016 ..
drwxr-xr-x 52 user      user      4.0K Apr 12 09:15 user

For the rest of this email, I'll assume that you mean "/home/user" when 
talking about "/home".

> For browsers - Firefox - that's full access to most things under .mozilla,
> but not Firefox program files - installed elsewhere.  In /home, the user is
> the owner & has full r/w/x permissions for most  files there - no PW
> required to change files there (once logged in).  There're some exceptions
> to that, like .local/keyrings.

Right.

> For TBB extracted to a folder in /home, on files I checked (tor,
> cached-certs, torrc, etc.) - the user is owner & has r/w/(x) permissions by
> default.  No PW required - like any document in /home.  So anything that
> makes it past basic defenses of the browser, NoScript, etc. - would
> generally have r/w/x permissions on most TBB files in /home - yes?

What? Do you mean like...web pages having access to the files in your home 
directory? That's not how web browsers work. A web page should never be able 
to just access files on your system. If something like this was possible, it 
would be considered an exploit. Not just with TBB, but with any browser. 
JavaScript is a sandbox and must be so.

> Conversely, Firefox installed to /usr & other protected directories that
> most installed apps use, by default the user or anything making it onto the
> computer don't have w/x permissions for those "program files."  Yes?  That's
> part of Linux overall security.

Right, as long as you don't talk about web pages. They don't have any file 
access in general.

> Maybe I'm missing something.  Tor Project goes to great lengths to provide
> uncompromised TBB copies & ways to verify them, but at least in Linux -
> advises putting it in the least secure area, so  it can update automatically
> with one click?  (because TBB wasn't installed via a Linux software manager
> & therefore automatic updates wouldn't be allowed).  Seems like that's in
> opposition to all the other TBB security efforts.
> 
> When Linux users choose to D/L the latest release from mozilla & install to
> /opt or /usr/local, it won't update automatically or w/ a  click, AFAIK.
> Unless you change ownership / permissions of those directories - which I've
> read is a bad idea, security wise.  (I'm not sure the D/L Linux Fx ver has
> "update now" available in about:firefox, anyway).
> 
> But, for Fx or Tbird in /opt you can install update files from Mozilla
> easily enough using sudo.  It takes typing a few characters vs. one click.

Both methods (putting apps into global dirs vs. putting them into home dirs) 
have their own advantages and disadvantages. With globally installed apps, you 
can install updates for every user simultaneously and it saves disk space. On 
the other hand, it requires a privileged user to always keep stuff 
up-to-date, whereas with the other method, non-privileged users can perform 
their own updates themselves. You need to keep in mind that there are many 
multi-user systems out there, where some users simply don't have root/sudo 
permissions.

-- 
4096R/1224DBD299A4F5F3
47BC 7DE8 3D46 2E8B ED18  AA86 1224 DBD2 99A4 F5F3
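
The ownership difference discussed in this thread (a bundle extracted under /home/user versus an application installed in a root-owned directory) can be checked from file metadata. The script below is an added example, not part of the original message or of Tor Browser; the sample tree, the `Browser` directory name and the function names are constructed for illustration, and only owner and world-write bits are considered.

```shell
#!/bin/sh
# Added example: classify an install tree by who can change it without sudo.
# Assumption: group write bits, ACLs and root (uid 0 bypasses mode bits)
# are out of scope.

# Count entries under DIR ($1), not following or counting symlinks.
count_entries() {
    find "$1" ! -type l -exec printf . \; | wc -c | tr -d ' '
}

# Count entries under DIR ($1) that a process running as numeric UID ($2)
# could change. An owner can always chmod their own files, so ownership
# alone counts; otherwise the world-write bit is required.
count_modifiable() {
    find "$1" ! -type l \( -user "$2" -o -perm -0002 \) \
        -exec printf . \; | wc -c | tr -d ' '
}

# Print user-modifiable, not-modifiable or mixed for DIR as seen by UID.
classify_tree() {
    total=$(count_entries "$1")
    mod=$(count_modifiable "$1" "$2")
    if [ "$mod" -eq 0 ]; then echo not-modifiable
    elif [ "$mod" -eq "$total" ]; then echo user-modifiable
    else echo mixed
    fi
}

# Constructed sample tree standing in for a bundle extracted by a user.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/Browser"
    : > "$d/Browser/torrc"
    : > "$d/Browser/cached-certs"
    chmod 755 "$d" "$d/Browser"
    chmod 644 "$d/Browser/torrc" "$d/Browser/cached-certs"
    echo "$d"
}

tree=$(demo_tree)
me=$(id -u)
other=$((me + 1))   # hypothetical second account on a multi-user system
echo "owner uid $me: $(classify_tree "$tree" "$me")"
echo "other uid $other: $(classify_tree "$tree" "$other")"
rm -rf "$tree"
```

Pointing `classify_tree` at a real install directory with `$(id -u)` shows whether that account can update the files itself or whether a privileged user has to do it.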
