Opened 7 months ago

Last modified 7 months ago

#33667 new defect

TorBrowser installer bungles permissions when umask is set

Reported by: sdavids
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version: Tor: unspecified
Severity: Major
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

TorBrowser-9.0.6-osx64_en-US

Previous versions worked OK.

As a sudoer:

Execute

# visudo

Add

Defaults        umask = 0022

Defaults        umask_override

Save

Execute

# sudo launchctl config user umask 002

Reboot


As a user:

Add to .zshrc / .bashrc

umask 077

References:

https://support.apple.com/en-us/HT201684

https://superuser.com/questions/79914/how-do-i-tell-sudo-to-write-files-with-a-umask-of-0022


Permissions after installation via TorBrowser-9.0.6-osx64_en-US.dmg:

# tree -p /Applications/Tor\ Browser.app
/Applications/Tor\ Browser.app
└── [drwxr-x---] Contents
    ├── [-rw-r-----] CodeResources
    ├── [-rw-r-----] Info.plist
    ├── [drwxr-x---] MacOS
    │   ├── [drwxr-x---] Tor
    │   │   ├── [drwxr-x---] PluggableTransports
    │   │   │   └── [-rwxr-x---] obfs4proxy
    │   │   ├── [-rwxr-x---] libevent-2.1.6.dylib
    │   │   └── [-rwxr-x---] tor.real
    │   ├── [-rwxr-x---] XUL
    │   ├── [-rwxr-x---] firefox
    │   ├── [-rwxr-x---] libfreebl3.dylib
    │   ├── [-rwxr-x---] liblgpllibs.dylib
    │   ├── [-rwxr-x---] libmozavcodec.dylib
    │   ├── [-rwxr-x---] libmozavutil.dylib
    │   ├── [-rwxr-x---] libmozglue.dylib
    │   ├── [-rwxr-x---] libnss3.dylib
    │   ├── [-rwxr-x---] libnssckbi.dylib
    │   ├── [-rwxr-x---] libnssdbm3.dylib
    │   ├── [-rwxr-x---] libplugin_child_interpose.dylib
    │   ├── [-rwxr-x---] libsoftokn3.dylib
    │   ├── [drwxr-x---] plugin-container.app
    │   │   └── [drwxr-x---] Contents
    │   │       ├── [-rw-r-----] Info.plist
    │   │       ├── [drwxr-x---] MacOS
    │   │       │   └── [-rwxr-x---] plugin-container
    │   │       ├── [-rw-r-----] PkgInfo
    │   │       ├── [drwxr-x---] Resources
    │   │       │   └── [drwxr-x---] English.lproj
    │   │       │       └── [-rw-r-----] InfoPlist.strings
    │   │       └── [drwxr-x---] _CodeSignature
    │   │           └── [-rw-r-----] CodeResources
    │   └── [drwxr-x---] updater.app
    │       └── [drwxr-x---] Contents
    │           ├── [-rw-r-----] Info.plist
    │           ├── [drwxr-x---] MacOS
    │           │   └── [-rwxr-x---] org.mozilla.updater
    │           ├── [-rw-r-----] PkgInfo
    │           ├── [drwxr-x---] Resources
    │           │   ├── [drwxr-x---] English.lproj
    │           │   │   ├── [-rw-r-----] InfoPlist.strings
    │           │   │   └── [drwxr-x---] MainMenu.nib
    │           │   │       ├── [-rw-r-----] classes.nib
    │           │   │       ├── [-rw-r-----] info.nib
    │           │   │       └── [-rw-r-----] keyedobjects.nib
    │           │   └── [-rw-r-----] updater.icns
    │           └── [drwxr-x---] _CodeSignature
    │               └── [-rw-r-----] CodeResources
    ├── [-rw-r-----] PkgInfo
    ├── [drwxr-x---] Resources
    │   ├── [drwxr-x---] TorBrowser
    │   │   ├── [drwxr-x---] Docs
    │   │   │   ├── [-rw-r-----] ChangeLog.txt
    │   │   │   └── [drwxr-x---] Licenses
    │   │   │       ├── [-rw-r-----] Firefox.txt
    │   │   │       ├── [-rw-r-----] HTTPS-Everywhere.txt
    │   │   │       ├── [-rw-r-----] NoScript.txt
    │   │   │       ├── [-rw-r-----] Noto-CJK-Font.txt
    │   │   │       ├── [-rw-r-----] Noto-Fonts.txt
    │   │   │       ├── [drwxr-x---] PluggableTransports
    │   │   │       │   ├── [-rw-r-----] LICENSE
    │   │   │       │   ├── [-rw-r-----] LICENSE.CC0
    │   │   │       │   └── [-rw-r-----] LICENSE.GO
    │   │   │       ├── [-rw-r-----] Tor-Launcher.txt
    │   │   │       ├── [-rw-r-----] Tor.txt
    │   │   │       └── [-rw-r-----] Torbutton.txt
    │   │   └── [drwxr-x---] Tor
    │   │       ├── [-rw-r-----] geoip
    │   │       ├── [-rw-r-----] geoip6
    │   │       ├── [-rwxr-x---] tor
    │   │       └── [-rw-r-----] torrc-defaults
    │   ├── [-rw-r-----] application.ini
    │   ├── [drwxr-x---] browser
    │   │   ├── [-rw-r-----] blocklist.xml
    │   │   ├── [-rw-r-----] chrome.manifest
    │   │   ├── [drwxr-x---] features
    │   │   │   └── [-rw-r-----] onboarding@mozilla.org.xpi
    │   │   ├── [-rw-r-----] omni.ja
    │   │   └── [-rw-r-----] override.ini
    │   ├── [-rw-r-----] chrome.manifest
    │   ├── [drwxr-x---] defaults
    │   │   └── [drwxr-x---] pref
    │   │       └── [-rw-r-----] channel-prefs.js
    │   ├── [-rw-r-----] dependentlibs.list
    │   ├── [drwxr-x---] distribution
    │   │   └── [drwxr-x---] extensions
    │   │       ├── [-rw-r-----] https-everywhere-eff@eff.org.xpi
    │   │       └── [-rw-r-----] {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    │   ├── [-rw-r-----] document.icns
    │   ├── [drwxr-x---] en.lproj
    │   │   └── [-rw-r-----] InfoPlist.strings
    │   ├── [-rw-r-----] firefox.icns
    │   ├── [drwxr-x---] fonts
    │   │   ├── [-rw-r-----] NotoSansArmenian-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansBengali-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansBuginese-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansCanadianAboriginal-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansCherokee-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansDevanagari-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansEthiopic-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansGujarati-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansGurmukhi-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansKannada-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansKhmer-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansLao-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansMalayalam-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansMongolian-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansMyanmar-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansOriya-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansSinhala-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansTamil-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansTelugu-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansThaana-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansTibetan-Regular.ttf
    │   │   ├── [-rw-r-----] NotoSansYi-Regular.ttf
    │   │   └── [-rw-r-----] STIXMath-Regular.otf
    │   ├── [-rw-r-----] omni.ja
    │   ├── [-rw-r-----] platform.ini
    │   ├── [-rw-r-----] precomplete
    │   ├── [-rw-r-----] removed-files
    │   ├── [drwxr-x---] res
    │   │   ├── [drwxr-x---] MainMenu.nib
    │   │   │   ├── [-rw-r-----] classes.nib
    │   │   │   ├── [-rw-r-----] info.nib
    │   │   │   └── [-rw-r-----] keyedobjects.nib
    │   │   ├── [drwxr-x---] cursors
    │   │   │   ├── [-rw-r-----] arrowN.png
    │   │   │   ├── [-rw-r-----] arrowN@2x.png
    │   │   │   ├── [-rw-r-----] arrowS.png
    │   │   │   ├── [-rw-r-----] arrowS@2x.png
    │   │   │   ├── [-rw-r-----] cell.png
    │   │   │   ├── [-rw-r-----] cell@2x.png
    │   │   │   ├── [-rw-r-----] colResize.png
    │   │   │   ├── [-rw-r-----] colResize@2x.png
    │   │   │   ├── [-rw-r-----] help.png
    │   │   │   ├── [-rw-r-----] help@2x.png
    │   │   │   ├── [-rw-r-----] move.png
    │   │   │   ├── [-rw-r-----] move@2x.png
    │   │   │   ├── [-rw-r-----] rowResize.png
    │   │   │   ├── [-rw-r-----] rowResize@2x.png
    │   │   │   ├── [-rw-r-----] sizeNE.png
    │   │   │   ├── [-rw-r-----] sizeNE@2x.png
    │   │   │   ├── [-rw-r-----] sizeNESW.png
    │   │   │   ├── [-rw-r-----] sizeNESW@2x.png
    │   │   │   ├── [-rw-r-----] sizeNS.png
    │   │   │   ├── [-rw-r-----] sizeNS@2x.png
    │   │   │   ├── [-rw-r-----] sizeNW.png
    │   │   │   ├── [-rw-r-----] sizeNW@2x.png
    │   │   │   ├── [-rw-r-----] sizeNWSE.png
    │   │   │   ├── [-rw-r-----] sizeNWSE@2x.png
    │   │   │   ├── [-rw-r-----] sizeSE.png
    │   │   │   ├── [-rw-r-----] sizeSE@2x.png
    │   │   │   ├── [-rw-r-----] sizeSW.png
    │   │   │   ├── [-rw-r-----] sizeSW@2x.png
    │   │   │   ├── [-rw-r-----] vtIBeam.png
    │   │   │   ├── [-rw-r-----] vtIBeam@2x.png
    │   │   │   ├── [-rw-r-----] zoomIn.png
    │   │   │   ├── [-rw-r-----] zoomIn@2x.png
    │   │   │   ├── [-rw-r-----] zoomOut.png
    │   │   │   └── [-rw-r-----] zoomOut@2x.png
    │   │   └── [drwxr-x---] touchbar
    │   │       ├── [-rwxr-x---] back.pdf
    │   │       ├── [-rwxr-x---] bookmark-filled.pdf
    │   │       ├── [-rwxr-x---] bookmark.pdf
    │   │       ├── [-rwxr-x---] forward.pdf
    │   │       ├── [-rwxr-x---] fullscreen.pdf
    │   │       ├── [-rwxr-x---] home.pdf
    │   │       ├── [-rwxr-x---] new.pdf
    │   │       ├── [-rwxr-x---] reader-mode.pdf
    │   │       ├── [-rwxr-x---] refresh.pdf
    │   │       ├── [-rwxr-x---] search.pdf
    │   │       ├── [-rwxr-x---] share.pdf
    │   │       ├── [-rwxr-x---] sidebar-left.pdf
    │   │       └── [-rwxr-x---] sidebar-right.pdf
    │   ├── [-rw-r-----] tbb_version.json
    │   ├── [-rw-r-----] update-settings.ini
    │   └── [-rw-r-----] updater.ini
    └── [drwxr-x---] _CodeSignature
        └── [-rw-r-----] CodeResources

36 directories, 143 files


Change History (2)

comment:1 Changed 7 months ago by sdavids

The permissions are correct according to the umask but the installer should have ensured the application is usable by all.

comment:2 Changed 7 months ago by mcs

I did not follow the steps to reproduce this problem, but it does look like permissions changed between Tor Browser 9.0.4 and 9.0.5.

After mounting TorBrowser-9.0.4-osx64_en-US:

% ls -l Tor\ Browser/Tor\ Browser.app/Contents/MacOS/
total 210364
drwxr-xr-x  3 USER  staff       2048 Jan  9 06:44 Tor/
-rwxr-xr-x  1 USER  staff  100724160 Jan  9 05:08 XUL*
-rwxr-xr-x  1 USER  staff      36128 Jan  9 05:08 firefox*
...

After mounting TorBrowser-9.0.5-osx64_en-US:

ls -l Tor\ Browser/Tor\ Browser.app/Contents/MacOS/
total 210380
drwxr-x---  3 USER  staff       2048 Feb 11 11:18 Tor/
-rwxr-x---  1 USER  staff  100732448 Feb 10 16:43 XUL*
-rwxr-x---  1 USER  staff      36128 Feb 10 16:43 firefox*
...

I am not sure what caused this change though. The fix for #33200 only changed the permissions for bookmarks.html.

boklm or sysrqb, any ideas?
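
An added example (not part of the ticket, and not Tor Browser's own tooling): a POSIX shell audit for the condition comment:1 describes, entries in an installed bundle that carry no read or execute permission for "other". The function names, the constructed `Sample.app` tree and the `chmod -R a+rX` local workaround are assumptions made here.

```shell
#!/bin/sh
# Added example: audit an app bundle for entries that "other" users cannot use.

# Print "reason<TAB>path" for every entry that lacks the needed "other" bits.
audit_bundle() {
    # Directories need o+r and o+x to be listed and traversed.
    find "$1" -type d ! -perm -005 -exec printf 'dir-no-access\t%s\n' {} \;
    # Regular files need o+r to be loaded.
    find "$1" -type f ! -perm -004 -exec printf 'file-unreadable\t%s\n' {} \;
    # Files the owner can execute must also carry o+x.
    find "$1" -type f -perm -100 ! -perm -001 -exec printf 'exec-blocked\t%s\n' {} \;
}

count_findings() {
    audit_bundle "$1" | wc -l | tr -d ' '
}

# Local workaround (assumption, not from the ticket): grant read to everyone and
# execute only where some execute bit is already set (capital X).
repair_bundle() {
    chmod -R a+rX "$1"
}

# Build a constructed miniature bundle with the modes shown in the ticket
# (750 directories and executables, 640 data files).
make_sample_bundle() {
    root=$(mktemp -d) || return 1
    app="$root/Sample.app"
    mkdir -p "$app/Contents/MacOS" "$app/Contents/Resources"
    : > "$app/Contents/Info.plist"
    : > "$app/Contents/MacOS/firefox"
    : > "$app/Contents/Resources/omni.ja"
    find "$app" -type d -exec chmod 750 {} +
    chmod 640 "$app/Contents/Info.plist" "$app/Contents/Resources/omni.ja"
    chmod 750 "$app/Contents/MacOS/firefox"
    printf '%s\n' "$app"
}

# Run with --demo to audit, repair and re-audit the constructed bundle.
if [ "${1:-}" = "--demo" ]; then
    app=$(make_sample_bundle)
    audit_bundle "$app"
    repair_bundle "$app"
    echo "findings after repair: $(count_findings "$app")"
fi
```

The `-perm -NNN` tests inspect mode bits only, so the audit gives the same result whether it is run by the bundle's owner or by root.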
