
Re: [tor-talk] Tor Browser Linux_don't extract to root



Look, if you have malicious software running on the system with normal user 
privileges, you are in big trouble anyway. There are so many things that 
malicious software could do even if TBB was installed at a non-writable 
location. Just as a simple example, malware could just change the location in 
your TBB desktop and launcher links and still trick you into launching 
malicious software. That's just a really silly example, but the point is that 
once the malware is running, it is too late. Storing software in non-writable 
locations is such a small, useless mitigation technique in contrast to what 
malware could do. I agree that putting TBB in /opt would give you a tiny bit 
of extra security. But for the price of the user not being able to install 
updates, that might just not be worth it. Having software stored in 
central directories is not much of a security feature.

BTW: The user profile of TBB would still be located in the home directory. It 
would have to be. Malware could insert malicious stuff in there too, like custom 
Tor circuit settings, browser settings, NoScript rules, Add-Ons... You get the 
idea.
-- 
4096R/1224DBD299A4F5F3
47BC 7DE8 3D46 2E8B ED18  AA86 1224 DBD2 99A4 F5F3
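
The launcher-redirection scenario from the message above, seen from the auditing side: a small check that reports `.desktop` launchers whose `Exec=` target lies outside the expected install directory. This is an added example, not part of the original post or of Tor Browser. The install path, file names and launcher contents are constructed, and it assumes `Exec=` holds an absolute path to the start script.

```python
import posixpath
import shlex

def exec_target(desktop_text):
    """Return the program named by Exec= in the [Desktop Entry] group, or None."""
    in_entry = False
    for raw in desktop_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_entry = (line == "[Desktop Entry]")
        elif in_entry and line.startswith("Exec="):
            try:
                argv = shlex.split(line[len("Exec="):])
            except ValueError:      # unbalanced quotes: treat as unparseable
                return None
            return argv[0] if argv else None
    return None

def is_inside(path, install_dir):
    """True if the normalised path is under install_dir (symlinks not resolved)."""
    if not path or not path.startswith("/"):
        return False                # relative or PATH-resolved commands are unexpected
    base = posixpath.normpath(install_dir)
    return posixpath.commonpath([posixpath.normpath(path), base]) == base

def audit_launchers(launchers, install_dir):
    """Return (name, target) for every launcher pointing outside install_dir."""
    findings = []
    for name, text in sorted(launchers.items()):
        target = exec_target(text)
        if not is_inside(target, install_dir):
            findings.append((name, target))
    return findings

# Constructed sample data: hypothetical install directory and launcher files.
INSTALL_DIR = "/home/alice/tor-browser"
HEADER = "[Desktop Entry]\nType=Application\nName=Tor Browser\n"
SAMPLES = {
    "good.desktop": HEADER + "Exec=/home/alice/tor-browser/Browser/start-tor-browser %k\n",
    "redirected.desktop": HEADER + "Exec=/home/alice/.cache/tb/start-tor-browser %k\n",
    "traversal.desktop": HEADER + "Exec=/home/alice/tor-browser/../.local/bin/start-tor-browser\n",
}

if __name__ == "__main__":
    for name, target in audit_launchers(SAMPLES, INSTALL_DIR):
        print(f"{name}: Exec target outside {INSTALL_DIR}: {target}")
```

A check like this run under the same account shares the trust problem the message describes, so it is only meaningful from a separate account or offline media.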

