tbb-dev

tbb-dev@lists.torproject.org

July 2017

12 participants
12 discussions

Tag: sandboxed-tor-browser-0.0.9
by Yawning Angel 04 Jul '17

04 Jul '17

Hello, I went and tagged because getting rid of `/proc` from the firefox container is big improvement both for security and fingerprinting resistance. Changes in version 0.0.9 - 2017-07-03: * Bug 22712: Suppress ATK Bridge initialization which will never work. * Bug 20773: Stop mounting /proc in the Tor Browser container. * Fix the build being broken on Debian Jessie due to #22648. * Remove the undocumented command line options that enable unsafe behavior. I had hoped to transition to using Tor Browser's built in AF_LOCAL support instead of LD_PRELOADing a stub that intercepts certain calls, but Tor Browser's (likely Firefox's) AF_LOCAL support is broken (https://trac.torproject.org/projects/tor/ticket/22794) so this won't happen till the next stable release after the bug is fixed at the earliest[0] Tested on Arch Linux, Fedora 25, Debian Jessie[1]. Regards, -- Yawning Angel [0]: What's the point of supporting AF_LOCAL if denying the creation of AF_INET sockets with seccomp-bpf renders the browser non-functional? [1]: I am aware that Stretch exists, but I can't be bothered updating my test VM. At least I tested it that target unlike the last release.

1 0

Please check reproducibility of mac build with Snowflake (e084e83418)
by David Fifield 02 Jul '17

02 Jul '17

I worked through some reproducibility issues and the mac build in the snowflake branch may be working. If someone has time, I would like them to test the build independently and see if they get the same hashes. repo: https://git.torproject.org/user/dcf/tor-browser-bundle.git branch: snowflake commit: e084e834184d5ff61aef4c7f172ec883e266bdf7 hashes: https://people.torproject.org/~dcf/pt-bundle/snowflake/20170630-7.5a1-e084e… I only need the mac hashes ("./mkbundle-mac versions.alpha"). It takes about three hours for me. Here is more information on the mac build: https://bugs.torproject.org/19001#comment:32 If it builds reproducibly, then we are close to having a merge-ready branch for mac.

2 3