Opened 8 months ago

Closed 7 months ago

Last modified 7 months ago

#28678 closed defect (duplicate)

Tor on windows needs to be installed and operated insecurely in user home directory

Reported by: db Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On Windows platforms, it appears that Tor needs to be installed in a user's home directory. Executable files that need network access should be installed in %PROGRAMFILES%. Why? Files in a user directory are more likely to be infected, malware, etc. On secure unix systems, for example, it is not uncommon for there to be no allowed executables in $HOME.

Can you install into %PROGRAMFILES%?

You can install tor there, yes, but it does not function. The browser, firefox.exe, complains with:

"Tor Browser does not have permission to access the profile. Please adjust your file system permissions and try again."

In https://trac.torproject.org/projects/tor/ticket/17929, the advice given is to re-install Tor and the problem will go away. I'm sorry but every time I remove and re-install Tor I get the above error message.

If I start it like this:

"C:\Program Files\Tor Browser\Browser\firefox.exe" /profile %APPDATA%/tor/profile

If I didn't know better, the contents of "Tor Browser\Browser\TorBrowser\Data\Browser\profile.default" need to be in %APPDATA%/tor/profile.

But that's not enough. For some reason firefox wants to create this file:

%PROGRAMFILES%\Tor Browser\Browser\TorBrowser\Tor\torrcc-defaults

Curiously, the "Process Monitor" (sysinternals) reports a number of "Buffer Overflow" results for calls to "QueryAllInformationFile" from firefox.exe.

Anyway...

The above "torcc-defaults" file is not created by the installer, it needs to be created manually as follows:
1) create "torcc"file in %APPDATA%\tor
2) copy content to it from https://github.com/jessfraz/dockerfiles/blob/master/tor-proxy/torrc.default
3) copy "torcc" file to "%PROGRAMFILES%\Tor Browser\Browser\TorBrowser\Tor"
4) rename "torcc" to "torcc-defaults"

Child Tickets

Change History (4)

comment:1 Changed 8 months ago by db

Why do all of the above?

1) The Tor installer lets me choose where to install it. Therefore it should "just work" wherever it is installed.
2) As a matter of principal, applications should be installed in application directories, away from user data and user data shouldn't be where users run programs from.

comment:2 in reply to:  1 Changed 8 months ago by teor

Replying to db:

Why do all of the above?

1) The Tor installer lets me choose where to install it. Therefore it should "just work" wherever it is installed.
2) As a matter of principal, applications should be installed in application directories, away from user data and user data shouldn't be where users run programs from.

On Windows 10, Microsoft has an optional feature that protects the home directory and desktop from modification. When this feature is turned on, Tor Browser doesn't work, because it is installed on the desktop in the home directory.

comment:3 Changed 8 months ago by db

As an addendum, shortcuts can have command arguments, so installing a shortcut with this as the target in the Start Menu works for each user individually:

"C:\Program Files\Tor Browser\Browser\firefox.exe" /profile %APPDATA%\tor\profile

comment:4 Changed 7 months ago by gk

Component: ApplicationsApplications/Tor Browser
Owner: set to tbb-team
Resolution: duplicate
Status: newclosed

Tor Browser on Windows is not separated yet regarding binary and user data. This is the topic of #18367. Closing this ticket as a duplicate.

Last edited 7 months ago by gk (previous) (diff)
Note: See TracTickets for help on using tickets.