#30126: Make Tor Browser on macOS compatible with Apple's notarization
------------------------------------------------+--------------------------
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  task                                |         Status:  new
 Priority:  Very High                           |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201908  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
------------------------------------------------+--------------------------

Comment (by ha):

 Are the entitlement files Tor plans to use available online somewhere to
 look at? If you're using the Firefox production entitlements as a starting
 point, you might be able to change some rules to be more restrictive.

 Assuming Tor only loads shared libraries signed by Tor or Apple, you should
 be able to set the disable library validation entitlement[1] to false.
 Firefox needs to load libraries signed by Adobe and Google for Flash and
 Widevine video decoding respectively.

   com.apple.security.cs.disable-library-validation=false

 In Firefox, we had to recently set this[2] to true because some
 WebExtensions using the native message API relied on helper applications
 that use Apple Events. I suspect Tor wouldn't need this and could set the
 entitlement to false.

   com.apple.security.automation.apple-events=false

 1. https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation
 2. https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_automation_apple-events

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30126#comment:40>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
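
The check suggested in the comment above, as an added example that is not part of the original message and is not Tor's or Mozilla's code: it parses an entitlements plist and reports which of the two hardened-runtime exceptions named in the comment are granted. The function name `audit_entitlements` and the sample plist are constructed for illustration.

```python
import plistlib

# The two entitlements the comment suggests setting to false, with what
# granting each one relaxes.
RELAXING_KEYS = {
    "com.apple.security.cs.disable-library-validation":
        "loads libraries not signed by Apple or the app's own team",
    "com.apple.security.automation.apple-events":
        "may send Apple Events to other applications",
}

# Constructed sample: library validation disabled, Apple Events not granted.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-library-validation</key>
    <true/>
    <key>com.apple.security.automation.apple-events</key>
    <false/>
</dict>
</plist>
"""


def audit_entitlements(plist_bytes):
    """Return {key: reason} for each relaxing entitlement that is granted."""
    entitlements = plistlib.loads(plist_bytes)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must have a <dict> root")
    findings = {}
    for key, reason in RELAXING_KEYS.items():
        # A key that is absent is not granted, same as an explicit false.
        value = entitlements.get(key, False)
        if not isinstance(value, bool):
            raise ValueError(f"{key} must be a boolean")
        if value:
            findings[key] = reason
    return findings


if __name__ == "__main__":
    for key, reason in audit_entitlements(SAMPLE_ENTITLEMENTS).items():
        print(f"RELAXED: {key} ({reason})")
```

On macOS the input can come from the signed bundle itself, for instance the XML that `codesign -d --entitlements :- <path to app>` prints.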