On Fri, May 26, 2017 at 8:05 PM, Yawning Angel <yawning@schwanenlied.me> wrote:
> On Fri, 26 May 2017 17:45:03 -0700 "Arthur D. Edelstein" <arthuredelstein@gmail.com> wrote:
>> Step 1: Containerize the whole bundle to defend against pwnage of the whole computer. Step 2: Create an external update mechanism and prevent firefox.exe from writing to its own directory or the tor directory. Step 3: Patch tor so that tor-launcher doesn't need to write to torrc at all to configure tor. Launch tor independently of the browser, but still configure tor using the tor-launcher extension UI, via a filtered control port. Prevent firefox from accessing the tor directory or launching tor. Step 4: Write a new tor-controller UI in QT or similar that replaces functionality in tor-launcher and maybe the circuit display.
>
> The existing Linux sandbox does all of this already. Re-doing something that already exists (twice) seems somewhat silly to me.

Of course it would be! :) For Linux, I was envisioning adopting your work into the standard TBB distribution, not writing it again from scratch.

But we also need these steps on Windows and OS X. And my understanding is that on Linux there's more work to be done for step 4 and maybe some for the stopgap approach in step 3. Rather than waiting for a whole new tor-launcher UX in QT, maybe we can adopt your work from the earlier steps in standard TBB sooner.

> Might be tricky for other reasons, but I guess? The big gotcha is that containerization is a privileged operation on sensible Linux systems.

That does indeed sound like a big problem. Any workarounds you know of?