From ae058fb1da054945dc2cd9e50d41f4f96cd69394 Mon Sep 17 00:00:00 2001 From: Claude Date: Wed, 8 Apr 2026 11:20:37 +0000 Subject: [PATCH] fix: security bugs in tb_run_function and version-parser tb_run_function: Fix indirect variable test `[[ -v "${tb_skip_functions}" ]]` which tested whether a variable named by the *value* of tb_skip_functions existed, rather than testing tb_skip_functions itself. This allowed bypassing any security function (including signature verification) by setting two environment variables: e.g. `tb_openpgp_verify=1 tb_skip_functions=tb_openpgp_verify`. version-parser: Tighten output file permissions from 0644 to 0600 to avoid creating world-readable temp files before input validation completes. https://claude.ai/code/session_01AUkdbvpoC4YFpZXtaMTypQ --- usr/bin/update-torbrowser | 2 +- usr/libexec/tb-updater/version-parser | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/bin/update-torbrowser b/usr/bin/update-torbrowser index 7935f94..f7b88ba 100755 --- a/usr/bin/update-torbrowser +++ b/usr/bin/update-torbrowser @@ -204,7 +204,7 @@ download_fail_help_set() { } tb_run_function() { - [[ -v "${tb_skip_functions}" ]] || tb_skip_functions='' + [[ -v tb_skip_functions ]] || tb_skip_functions='' case $tb_skip_functions in *"$@"*) log notice "Skipping '$*', because tb_skip_functions includes it." return 0 diff --git a/usr/libexec/tb-updater/version-parser b/usr/libexec/tb-updater/version-parser index 150ae0d..e034624 100755 --- a/usr/libexec/tb-updater/version-parser +++ b/usr/libexec/tb-updater/version-parser @@ -102,7 +102,7 @@ if not input_path.is_file(): sys.exit(2) else: try: - output_path.touch(mode=0o644, exist_ok=True) + output_path.touch(mode=0o600, exist_ok=True) except Exception: print_noisy("ERROR: Cannot access output file.") sys.exit(2)