Opened 7 years ago

Closed 4 years ago

#8376 closed defect (fixed)

Tor expert bundle requires "Run as Administrator" to install on Win 7 (and Win 8?)

Reported by: cypherpunks Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Keywords: needs-triage, tbb-helpdesk-frequent
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

As the subject line states, Tor cannot install into C:\PROG FILES (x86)\ without running it as admin. Is this a bug? It sure bugs me! ;)

This has been an ongoing issue for some time, however, up until I tried to install v0.2.4.10-alpha-win32-1 all the alphas would install w/o running as admin, they just wouldn't start if installed into /PROG FILES/, as I use TBB Vadlia instance to run the alpha Tor, not the stable Tor found in Windows TBB.

Previous Tor alphas installed on my Win 7 PC had to be installed into dirs other than \PROG FILES\, e.g., \APPDATA\ or \MY DOCS\, otherwise, if they were installed into \PROG FILES\ the Tor wouldn't start when Vidalia tried to start the Tor.

I have attached a screenshot of the error message

Child Tickets

Attachments (2)

v0.2.4.100-alpha_install_error.jpg (87.1 KB) - added by cypherpunks 7 years ago.
Screenshot of install error message
installthewindowsway.patch (1.3 KB) - added by mttp 5 years ago.

Download all attachments as: .zip

Change History (33)

Changed 7 years ago by cypherpunks

Screenshot of install error message

comment:1 Changed 7 years ago by cypherpunks

I should append that message to add a bit of info:

Previous to v0.2.4.10-alpha-win32-1, when I tried to install alphas into \PROG FILES (x86)\, as administrator or not, Tor would tell me it installed correctly, but the Tor dir and files were never created in \PROG FILES (x86)\. Thus I had to install Tor alpha into \APPDATA\ or \MY DOCS\.

comment:2 Changed 7 years ago by cypherpunks

Ok, quick update: When I configure Vadalia to use Tor alpha in \PROG FILES 9x86)\ OR Tor alpha in \MY DOCS\, TBB can't access the Internet - even though Vadalia says Tor is up and running. This has never happened before.

If I run TBB w/o configuring it to use the installed alpha Tor, TBB is able to surf the 'Net. If I run TBB w/configuring it to use the installed alpha TOr, TBB is unable to surf the 'Net.

WTF? (my firewall isn't the issue . . . )

comment:3 Changed 7 years ago by cypherpunks

I've created a new ticket that's related to this one: #8378 "Windows TBB Firefox breaks when Valida calls Tor *not* as ./tor.exe"

comment:4 Changed 7 years ago by mo

Resolution: not a bug
Status: newclosed

Where did you get that Tor version from? This is definitely not one of our releases. We don't yet have a fancy installer. ( #7842 )

You can't install to Program Files, because you need administrator privileges for that. That is not a bug in Tor, that is a (sane) Operating System restriction. Users are and should not be able to globally install applications.

The Tor Browser Bundle differs from your regular applications in that it is "portable". You can take the directory with you, for example on a USB stick. This means it does not write anything outside its own directories, and works even if people don't have administrative rights. In turn it will need write privileges to its own directories, something an application should not have (and does not have) for its Program Files directory.

In short, don't install Tor Browser to Program Files.

comment:5 Changed 7 years ago by cypherpunks

Resolution: not a bug
Status: closedreopened

Hi again mo,

I got that Tor from the Tor Project web site of course: https://www.torproject.org/dist/win32/tor-0.2.4.10-alpha-win32-1.exe

You can install into PROG FILES, tons of programs do so without needing to be as right-click > "run as administrator". If Tor doesn't also do so it's a bug, unless a Tor core person states Tor Project doesn't want to install Tor the way Windows programs are supposed to be installed.

I know all about TBB and Tor, I've been using Tor for *many* years, and in fact, I was the one who came up with the concept for TBB with Steven on IRC some years ago ;)

This is a bug, so I'm re-opening it until a core Tor person states they don't want to properly install Tor.

By the way, the Windows installer for Tor chooses \PROG FILES (x86)\ by default.

comment:6 in reply to:  4 Changed 7 years ago by cypherpunks

Replying to mo:

The Tor Browser Bundle differs from your regular applications in that it is "portable". You can take the directory with you, for example on a USB stick. This means it does not write anything outside its own directories, and works even if people don't have administrative rights. In turn it will need write privileges to its own directories, something an application should not have (and does not have) for its Program Files directory.

In short, don't install Tor Browser to Program Files.

We're talking about Tor, not TBB.

comment:7 Changed 7 years ago by cypherpunks

I just want to point out to anyone reading, there are two potential bugs here:

1) Tor isn't installing correctly; this bug is discussed in this ticket

2) Tor alpha v0.2.4.10-win32-1 hasn't had its SOCKS updated to 9150; this possible bug is discussed in ticket #8378 https://trac.torproject.org/projects/tor/ticket/8378

comment:8 in reply to:  7 ; Changed 7 years ago by mo

Component: TorTor bundles/installation
Version: Tor: 0.2.4.10-alpha

Oh. Cool. I did not know the expert bundle comes with a fancy installer. Sorry. You are right, this should be fixed in some way. Maybe by dropping the installer. ;-) It is an old installer, and was not updated since Windows allows applications to request higher privileges (if I remember correctly, this was introduced in Vista). It should not in general require administrative privileges, so I doubt this is easy to do using the framework provided.

Maybe the whole release should be merged or at least be based on the new installer for TBB as discussed in #7842.

comment:9 in reply to:  8 ; Changed 7 years ago by cypherpunks

Replying to mo:

Oh. Cool. I did not know the expert bundle comes with a fancy installer. Sorry. You are right, this should be fixed in some way. Maybe by dropping the installer. ;-) It is an old installer, and was not updated since Windows allows applications to request higher privileges (if I remember correctly, this was introduced in Vista). It should not in general require administrative privileges, so I doubt this is easy to do using the framework provided.

Maybe the whole release should be merged or at least be based on the new installer for TBB as discussed in #7842.

I agree about the installer being old. I would love to see a version of TBB with alpha Tor released along side TBB with stable Tor, even if the TBB itself isn't alpha (and maybe hide the link deep in Tor web site).

Jacob (or someone in Tor core) wrote a nice script to pull alpha TBB (Windows) and build it pretty much with full automation. Though last I read the script is outdated for new TBB, sadly.

comment:10 in reply to:  8 Changed 7 years ago by cypherpunks

Replying to mo:

Maybe the whole release should be merged or at least be based on the new installer for TBB as discussed in #7842.

Yes, that would be very nice. Or, the new potential python based Tor UI (tentatively called "Vadalia 2.0") could handle the install for a Tor that's not in TBB.

comment:11 Changed 7 years ago by cypherpunks

On topic bug report I just wrote:

#8383 "Tor alpha does not create Start menu entry in Windows 7"

comment:12 Changed 7 years ago by cypherpunks

The easiest atypical fix for this would be to update the Tor alpha installer to point to \MY DOCS\ instead of \PROG FILES (x86)\

comment:13 Changed 7 years ago by cypherpunks

Mo, are you Moritz? If so, you're effing great! :D

(sorry for the off-topic message, but I was reading #7842 and realized you may be Mortiz; if not, I'm sure you're still great!)

comment:14 Changed 7 years ago by mo

To request administrative privileges, change "RequestExecutionLevel user" to "RequestExecutionLevel admin" to tor-mingw.nsi.in. Downside: It only actually needs admin if the user wants to install to Program Files or similar.

To change proposed installation directory, replace "InstallDir $PROGRAMFILES\Tor" to "InstallDir $DOCUMENTS\Tor" (or "InstallDir $LOCALAPPDATA\Tor".

All of these changes are not ideal.

Maybe just really drop the installer altogether and go for a zip. In the end, it IS the expert bundle.

comment:15 Changed 7 years ago by cypherpunks

Thanks.

If Tor Project releases 7zip'ed version I'm all for it. This isn't my day job (I'm a plant physiologist by training) so I'm not much use for codeing, etc. I'm more of a muse for Tor Project. E.g., when Mike and I first talked about creating TorButton, but I suck so I couldn't do it, and he did wrote it instead. That's also how TBB came to be: I started making it but I suck, so on IRC I was talking about it and Steven took over.

comment:16 in reply to:  9 ; Changed 7 years ago by arma

Replying to cypherpunks:

I would love to see a version of TBB with alpha Tor released along side TBB with stable Tor, even if the TBB itself isn't alpha (and maybe hide the link deep in Tor web site).

You are in luck! We even hid the link well too, like you suggested. ;)

Go to the Tor Browser documentation page, and look for the 'alpha' section.

comment:17 in reply to:  16 Changed 7 years ago by cypherpunks

Replying to arma:

Replying to cypherpunks:

I would love to see a version of TBB with alpha Tor released along side TBB with stable Tor, even if the TBB itself isn't alpha (and maybe hide the link deep in Tor web site).

You are in luck! We even hid the link well too, like you suggested. ;)

Go to the Tor Browser documentation page, and look for the 'alpha' section.

Great, thanks. See, it's like I said: I suck :)

comment:18 Changed 5 years ago by erinn

Keywords: needs-triage added

comment:19 Changed 5 years ago by mttp

Keywords: tbb-helpdesk-frequent added

As noted in #12617:

If the Tor Windows installer is run by a user besides Administrator, the
user will not prompted to run the installer as Administrator, dead
shortcuts will be created in the Start Menu and Desktop, and Tor will
not be installed in Program Files. If the user right-clicks the installer
to run it as Administrator, everything will be created as it should.

This is confusing behavior for many users.

Changed 5 years ago by mttp

Attachment: installthewindowsway.patch added

comment:20 Changed 5 years ago by mttp

Status: reopenedneeds_review

Replying to mo:

To request administrative privileges, change "RequestExecutionLevel user" to "RequestExecutionLevel admin" to tor-mingw.nsi.in. Downside: It only actually needs admin if the user wants to install to Program Files or similar.

...

All of these changes are not ideal.

My guess is that if this problem is fixed by changing the installation
directory to some unprivileged location, e.g. in the user directory,
many users installing Tor will try to set the installation directory to
"Program Files" anyways because they are used to having all their
applications in one folder. If they are running the installer as their
regular user, they won't be happy when the installation fails in this
case. I used to see users try to do this with the old-style Tor Browser
Bundles.

Installing Tor to Program Files is the correct "Windows way" of installing
system software. If a user is setting up a relay or a hidden service with
Tor they will probably need full machine access anyway to do things like
install a web server or open router ports, so I don't see requiring Admin
privileges for Tor installation as a huge loss. Remember it's only the
installer getting Admin access, not Tor.

Based on a code comment by the 'RequestExecutionLevel user' line, my
guess is that whoever last modified that line replaced the admin value
with user only to preserve compatibility with Windows XP and below,
which can't respond to that line in the correct manner. There's another
way to support Windows XP though, which is to check directly whether or
not the user is Administrator and tell them they need to be if the answer
is no.

I've attached a patch that automatically prompts for Administrator access
when the installation starts (the Windows way) for users of Vista and above,
and also tells users of Windows XP and below that they need to run the
installer as Administrator. I believe this behavior provides a much better
experience than the current behavior, wherein users have to "just know" to
right-click and run the installer as Administrator or face a variety of
undocumented confusions.

comment:21 Changed 5 years ago by arma

Matt: it looks like this patch is to our old mingw windows installer code? Maybe this is used by Erinn to build the expert Windows packages?

I think it isn't what the Tor Browser team use to build the Tor Browser packages for Windows though.

comment:22 in reply to:  21 Changed 5 years ago by mttp

Replying to arma:

Matt: it looks like this patch is to our old mingw windows installer code? Maybe this is used by Erinn to build the expert Windows packages?

I think it isn't what the Tor Browser team use to build the Tor Browser packages for Windows though.

I am loath to correct arma, but I believe you are mistaken. This ticket is about the Tor Expert Bundle for Windows, not about Tor Browser or Tor Browser Bundle.

comment:23 Changed 5 years ago by arma

No, carry on, I think you're right.

Was there another ticket for TBB installation authorization problems on Windows? Or I am imagining things?

comment:24 Changed 5 years ago by arma

Summary: Tor requires "Run as Administrator" to install on Win 7 (and Win 8?)Tor expert bundle requires "Run as Administrator" to install on Win 7 (and Win 8?)

comment:25 in reply to:  23 Changed 5 years ago by gk

Replying to arma:

Was there another ticket for TBB installation authorization problems on Windows? Or I am imagining things?

You are not: #12678.

comment:26 Changed 5 years ago by gk

Owner: set to mo
Status: needs_reviewassigned

I wonder who should do the review (and above all the merging)... Assigning this to Moritz for both for now.

comment:27 Changed 5 years ago by gk

Status: assignedneeds_review

comment:28 Changed 5 years ago by mttp

Erinn informs me that she also has an alternate fix for this issue at https://gitweb.torproject.org/erinn/tor.git/blobdiff/e6590efaa77c8cf186ce92e6ebad175e9c6450d1..d7cfeafac21c1b7f1641aa432146643bbc6e4c29:/contrib/tor-mingw.nsi.in

Erinn's fix also addresses #7956, which makes it extra nice. Once it gets rebased, it seems like a superior solution to the one I provided.

comment:29 Changed 5 years ago by mo

Owner: changed from mo to erinn
Status: needs_reviewassigned

I haven't ever touched the expert bundle. I don't think anyone actually owns them at the moment, but Erinn is closest.

comment:30 Changed 5 years ago by mttp

Erinn tells me she's working on a new NSI script and gitian descriptor that will live in the builders/tor-browser-bundle.git repo. I think the current plan is to move the current NSI scripts out of the tor.git repo entirely once that is complete. It sounds like any patches for the current NSI script in the Tor repo would not be all that useful right now, since that script will be replaced soon anyway with a new one for use with gitian.

comment:31 Changed 4 years ago by cypherpunks

Resolution: fixed
Status: assignedclosed

Tor expert bundle shipped as zip file nowadays.
Closing as fixed.

Note: See TracTickets for help on using tickets.