Opened 2 months ago

Last modified 2 months ago

#32418 needs_information defect

Torbrowser tells on every start, that it can't update although it is newest

Reported by: Yeti Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-update
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Torbrowser 9.01/Windows 7 x86

Torbrowser tells on every start, that it can't update although it is newest

(I try to attach a screenshot, this seems to be difficult)

Child Tickets

Attachments (1)

tor.png (47.3 KB) - added by Yeti 2 months ago.
message on startup

Download all attachments as: .zip

Change History (7)

Changed 2 months ago by Yeti

Attachment: tor.png added

message on startup

comment:1 Changed 2 months ago by pili

Status: newneeds_information

Hi,

Can you please enable update logging (visit about:config and update app.update.log preference to true.) You should then be able to see the update check logs in the browser console.

It would be helpful if you can send those on or let us know if you see any errors there.

Thanks!

comment:2 Changed 2 months ago by mcs

Keywords: tbb-update added

comment:3 Changed 2 months ago by Yeti

Thanks, now I see, that Torbrowser misses write access for the program directory. I guess, this check should be done, when updates exist, not before.

I install Torbrowser into %programfiles%, where users don't have write-access. Virtualization is disabled. Datadir I made writable (but not executable), because I didn't find a setting for relocating it. I handle updates manually as administrator. That's the safest way to avoid compromizing program files.

update_messages.log:
Logging current UpdateService status:
UpdateService.canCheckForUpdates - able to check for updates
getCanApplyUpdates - unable to apply updates without write access to the update directory. Exception: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFile.create]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: resource://gre/modules/FileUtils.jsm :: FileUtils_getDir :: line 76" data: no]
getCanStageUpdates - staging updates is disabled by preference app.update.staging.enabled
Elevation required: false
Update being handled by other instance: false
Downloading: false
End of UpdateService status

comment:4 Changed 2 months ago by mcs

Kathy and I did some investigation and learned that (on Windows only) Mozilla tries to fix file system permissions whenever it detects that it cannot write to the update info directory or to the directory that contains the application. Unfortunately, there are quite a few places where this kind of fix up is attempted (if you are curious, look for calls to fixUpdateDirectoryPermissions() within toolkit/mozapps/update/UpdateService.jsm and trace the call chains).

If the permission fix up fails, a "manual update required" prompt is shown (which is what the reporter of this bug is seeing).

The entire update service relies upon being able to write to the update info directory, so it will be difficult to support a "read only" update info directory. In other words, Firefox's updater was not designed with this scenario in mind.

A better approach, assuming we think it is a good idea to support it, would be to disable the update checks. Unfortunately, the only way to disable update check in recent versions of Firefox is via the enterprise policies mechanism, and that mechanism is disabled in Tor Browser (see #30575).

Tor Browser team: Do we want to provide a way to disable the update check, e.g., by re-implementing support for the old app.update.enabled pref? We would need to ensure that that pref is checked very early; for example, the UpdateService JS constructor calls a getter that causes the file system permission fix to be attempted on Windows, which would trigger the "manual update required" prompt. Mozilla removed the capability for users to disable the update check because they do not want users to run outdated browsers.

An alternative would be to disable the code that tries to fix file system permissions on Windows, but we would then need to verify that doing so does not lead to another code path that causes the browser to display an update error prompt.

Another alternative would be to decide that installing in a read-only area of the file system and updating the browser manually is not something we can support.

comment:5 in reply to:  4 Changed 2 months ago by boklm

Replying to mcs:

Tor Browser team: Do we want to provide a way to disable the update check, e.g., by re-implementing support for the old app.update.enabled pref? We would need to ensure that that pref is checked very early; for example, the UpdateService JS constructor calls a getter that causes the file system permission fix to be attempted on Windows, which would trigger the "manual update required" prompt. Mozilla removed the capability for users to disable the update check because they do not want users to run outdated browsers.

In the blog comments there were a few people unhappy about not having an easy way to disable updates. In some cases it can be useful to have a way to disable the updater, so I think having support for the app.update.enabled pref would be nice.

comment:6 in reply to:  4 Changed 2 months ago by Yeti

Replying to boklm:

In some cases it can be useful to have a way to disable the updater, so I think having support for the app.update.enabled pref would be nice.

I support that.
At least until Mozilla decides to change this doubtful behaviour. Programs started with user rights shouldn't be able to write into program directories. It's easy to click away the warning at every start but when it gets habitual (or someone writes a userscript for that), it's bad.

Replying to mcs:

Another alternative would be to decide that installing in a read-only area of the file system [...] is not something we can support.

This would be the worst case, especially for security related software. (IMHO this even should be default.)

Note: See TracTickets for help on using tickets.