Opened 4 years ago

Last modified 20 months ago

#14795 needs_information defect

Windows Environmental Variables not usable in Profiles.ini when deploying tor browser across a domain

Reported by: johnakabean Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: windows, variables, windows environment, windows environmental variables, windows variables
Cc: brade, mcs, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We run a domain and tor.exe as nt services on the DC's. We are trying to deploy torbrowser, by request of users, for its privacy features. I setup a default profile to deploy to the user's roaming profiles and torbrowser's profiles.ini ( in %ProgramFiles(X86)% ) is set to look for them in "Path=%Appdata%\TB\Profile" (Profiles.ini config). However, torbrowser refuses to litigate environmental variables of the domain ( %variable%).

For security, our users cannot run .exe's on the domain that are not installed in either of the Program Files locations or the windows directory; we must deploy it this way, which is also the corrrect way, per MCSE and RFC's.

Firefox has no problem doing this, which we have had deployed the same for years. I am even giving current users an option to COPY their firefox profile as their torbrowser profile instead of copying from the Domain's Skeleton where I have put a default torbrowser profile.

Of course, since we have tor running on port 1080 of the DC's and have configured load balancing and the default profile to use it, I removed tor launcher from tor browser; It's just the browser that they're running as their username. It would be unwise and ridiculous to have 10,000 tor.exe's running, one for each logged in user.

I even setup the tor's to utilize our ipv6 native network, which the clients running tor.exe wouldn't be able to do if we allowed tor.exe to run on the workstations.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by mcs

Cc: brade mcs added
Status: newneeds_information

I would like to help, but I am not familiar with this feature of Firefox and I cannot find any documentation for it.

Can you provide step-by-step instructions for testing this in a recent versiom of Firefox? Do I need to do anything other than edit profiles.ini so it contains a Path value with %AppData% in it?

comment:2 Changed 4 years ago by gk

Cc: gk added
Priority: blockernormal

comment:3 Changed 4 years ago by johnakabean

Ok so I found workaround for this until profiles.ini supports using windows variables (%appdata%\TorBrowser) for the profile path.

Enforcing shortcut .lnk files to firefox.exe as "firefox.exe -profile %appdata%\torbrowser" made it work perfect to use the domain user's roaming profile directly, dynamically linked for each user. However, they cannot create more than 1 profile using this.

I suggested to Sebastien to document this ability of tor browser's binary on the website and he said add it here; however I would like to consolidate to one ticket, to withhold clutter. So, here's the suggestion as a comment of the problem instead of opening a new ticket.

comment:4 in reply to:  1 Changed 4 years ago by johnakabean

Thank you Brade MCS for the reply. I haven't checked this in a while and apologize. Yes, all you do is add %appdata% or any %variable% to profile path, just like the workaround I posted below in a comment, and have tor browser pass it as a literal path to windows and windows will take care of the rest.

I understand why it doesn't work at the moment as torbrowser expects %h (one % sign) for variables it parses itself but it doesn't turn %h into the environmental variable on windows, only Unix/Linux.

So, when the code of torbrowser looks for %h or variables on unix or linux, have it check to make sure the following perl regexp matches before marking it as the current allowed variablesin the profile path: (/?%[\w0-9.+=\[\]&\(\)_-]+[^%]) Basically, have it look for beginning in % and ending in it, without a "/" between them, to determine if it's a built in variable or windows variable.

Replying to mcs:

I would like to help, but I am not familiar with this feature of Firefox and I cannot find any documentation for it.

Can you provide step-by-step instructions for testing this in a recent versiom of Firefox? Do I need to do anything other than edit profiles.ini so it contains a Path value with %AppData% in it?

Last edited 4 years ago by johnakabean (previous) (diff)

comment:5 Changed 20 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.