Re: [tor-bugs] #26212 [Applications/Tor Browser]: Use digital signature verification to prevent modification of omni.ja
#26212: Use digital signature verification to prevent modification of omni.ja
--------------------------------------+-----------------------------------
Reporter: indigotime | Owner: tbb-team
Type: enhancement | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by indigotime):
Replying to [comment:4 gk]:
> Rather you seem to be worried about an attacker taking one of our
> bundles (e.g. the Linux one), extracting the `omni.ja` files, inserting a
> backdoor and then redistributing that as Tor Browser? Is that reading of
> your bug report correct?
Yes, that reading of my bug report is correct.
> And why just the `omni.ja` files because the Firefox binary or any
> library could get corrupted as well serving malware?
1) It's easier to modify omni.ja JavaScript modules than to patch
binaries/DLLs.
2) For antivirus scanners, it's easier to detect malware in binary files.
But you're right, DLLs' signatures should also be verified at Tor Browser
startup.
> And as a side-effect: messing with those files will invalidate the GPG
> signature.
I assume that many Tor Browser users are often ignorant about GPG
signatures, and I don't see any way to make them verify those signatures.
> So, I am not seeing how we win anything by deploying some elaborate
> signature scheme for omni.ja files.
We can't protect the Tor Browser executable from modification, but we can
make modifying Tor Browser files harder.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26212#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
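An added illustration of the check the ticket proposes and of the limitation conceded in comment 5. This is example code written for this page, not code from the ticket, Tor Browser or Firefox; it assumes a detached Ed25519 signature over SHA-256 of the archive with the public key pinned in the verifier (Tor Browser's actual release signing is a GPG signature over the whole bundle), and the omni.ja-style archive and its module contents are constructed stand-ins. It shows three cases: an untouched archive verifies, an archive with one rewritten module fails, and an attacker who can also replace the pinned key (i.e. modify the executable) passes the check again.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
	"sort"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// buildOmniJa assembles a constructed, minimal omni.ja-style zip in memory.
// The real omni.ja is a zip of Firefox JS modules and chrome resources; the
// entries here are made up for the example, not files from Tor Browser.
func buildOmniJa(modules map[string]string) []byte {
	names := make([]string, 0, len(modules))
	for n := range modules {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic entry order
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		f, err := w.Create(n)
		must(err)
		_, err = f.Write([]byte(modules[n]))
		must(err)
	}
	must(w.Close())
	return buf.Bytes()
}

// tamperModule rewrites one entry (the "insert a backdoor" step from the
// ticket) and leaves every other entry as it was.
func tamperModule(archive []byte, name, newBody string) []byte {
	r, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	must(err)
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, f := range r.File {
		rc, err := f.Open()
		must(err)
		data, err := io.ReadAll(rc)
		rc.Close()
		must(err)
		if f.Name == name {
			data = []byte(newBody)
		}
		out, err := w.Create(f.Name)
		must(err)
		_, err = out.Write(data)
		must(err)
	}
	must(w.Close())
	return buf.Bytes()
}

// signArchive: build-time step (assumed), private key never ships in the bundle.
func signArchive(priv ed25519.PrivateKey, archive []byte) []byte {
	digest := sha256.Sum256(archive)
	return ed25519.Sign(priv, digest[:])
}

// verifyArchive: the proposed startup check against a pinned public key.
func verifyArchive(pub ed25519.PublicKey, archive, sig []byte) bool {
	digest := sha256.Sum256(archive)
	return ed25519.Verify(pub, digest[:], sig)
}

// Outcome holds the three cases the ticket discussion turns on.
type Outcome struct {
	Genuine    bool // untouched archive, real key
	Tampered   bool // backdoored module, real key and real signature
	KeySwapped bool // backdoored, re-signed by attacker, pinned key replaced too
}

func runDemo() Outcome {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	archive := buildOmniJa(map[string]string{ // constructed contents
		"modules/Example.jsm":               "var EXPORTED_SYMBOLS = ['Example'];",
		"chrome/browser/content/example.js": "function onLoad() {}",
	})
	sig := signArchive(priv, archive)
	backdoored := tamperModule(archive, "modules/Example.jsm",
		"var EXPORTED_SYMBOLS = ['Example']; /* constructed backdoor */")
	attackerPub, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	return Outcome{
		Genuine:    verifyArchive(pub, archive, sig),
		Tampered:   verifyArchive(pub, backdoored, sig),
		KeySwapped: verifyArchive(attackerPub, backdoored, signArchive(attackerPriv, backdoored)),
	}
}

func main() {
	o := runDemo()
	fmt.Printf("genuine=%v tampered=%v key-swapped=%v\n", o.Genuine, o.Tampered, o.KeySwapped)
}
```

The last case is the crux of gk's objection and of the reply's concession: the verifier and its pinned key live in the same redistributed bundle as omni.ja, so whoever can rewrite omni.ja can rewrite them as well. The check raises the effort from editing a JavaScript file to also patching the verifier, which is what "make modification harder" amounts to; only a signature checked by something the attacker does not ship (the user's GPG verification of the download) stops the scenario outright.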